Re: [nsp] ip spoofing prevention

From: Brian (bri@sonicboom.org)
Date: Fri Feb 09 2001 - 02:01:23 EST


A typical approach is to put a line at the top of an access list inbound on your net facing interface that blocks traffic with your LAN block of ips as the source, since traffic coming from the net should never have your LAN's IP as a source. It is also useful to block rfc 1918, aka private IP space as a source.

    Brian
  ----- Original Message -----
  From: Eric Chan
  To: cisco-nsp@puck.nether.net
  Sent: Thursday, February 08, 2001 9:01 PM
  Subject: [nsp] ip spoofing prevention

  i know we can use tcp intercept to prevent SYN flood
  did anyone know any method to prevent ip spoofing in cisco ios ??

  thanks

  eric



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:27 EDT