HI experts
i have the following questions on URPF,
1) " ip verify unicast reverse path" and "ip verfiy souce rechable via rx "
are these commands have same effect or are they different .
2) secondly i dont see any use of " ip verfiy unicast source rechable via
any " command as it still allows packets to enter form one interface even
though their source address can be reached by other interface . This can
always open doors for spoof attacks . in what way this command is changing
security posture of a device ?
3) by default what is the encryption method used by snmp v3 if not specifed
. can i run both ver 2 and v3 simultanously on same device.
4) AS ssh allows for more advanced security by encrypting the session .
what encryption method it uses ?
5) what s default ASA firewall behavior when it receive fragmented packets .
(drop or farward ) . is their any similar concept in firewal like ios
Virtual fragment reassembly ?
6) what is defference if i add port security to the following command " ip
verify source " how does the processing behaves differently with "port
security " keyword
or i need to enable port security prior to issuing " ip vefigy source port
security "
Thanks
Blogs and organic groups at http://www.ccie.net
Received on Mon Mar 07 2011 - 18:21:24 ART
This archive was generated by hypermail 2.2.0 : Fri Apr 01 2011 - 06:35:41 ART