[c-nsp] Anti-spoofing measures

Peter Wan peter.n.wan at gmail.com
Thu Apr 14 19:56:30 EDT 2005


Hello Michael, check out

http://www.cymru.com/Documents/secure-ios-template.html

for various techniques in this regard.  This Website is a good
reference material site as far as I can tell.  --Peter

On 4/14/05, Earls, Michael <Michael.Earls at 53.com> wrote:
> Can someone send examples of ACLs used to block or prevent anti-spoofing at the ISP edge?
> 
> My ACL today:
> 
> !-- Deny RFC3330
> access-list 110 deny ip 127.0.0.0 0.255.255.255 any
> access-list 110 deny ip 192.0.2.0 0.0.0.255 any
> access-list 110 deny ip 224.0.0.0 31.255.255.255 any
> access-list 110 deny ip host 255.255.255.255 any
> access-list 110 deny ip host 0.0.0.0 any
> !-- Deny RFC1918
> access-list 110 deny ip 10.0.0.0    0.255.255.255 any
> access-list 110 deny ip 192.168.0.0 0.0.255.255 any
> access-list 110 deny ip 172.16.0.0  0.15.255.255 any
> !-- Deny ICMP
> access-list 110 deny   icmp any any redirect
> access-list 110 deny   icmp any any echo
> access-list 110 deny   icmp any any traceroute
> !-- Deny my IP prefixes
> access-list 110 deny my IP Prefix
> !-- Permit IP any any
> access-list 110 permit ip any any
> !
> 
> Thanks,
> 
> Michael
> 
> PGP Info: KeyID 0x0DFD993C
> Fingerprint F903 0325 5105 2CDB 4BF4 C88B 72F7 BA7A 28CC 598A
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 


-- 
Peter Wan <peter.n.wan at gmail.com>
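
The following is an added example, not part of either poster's message: a Python check that runs source addresses through the source-address entries of the quoted access-list 110 using IOS wildcard-mask and first-match semantics. The ICMP lines and the unspecified "my IP Prefix" line are left out, and the sample addresses are constructed.

```python
import ipaddress

# Source entries of the quoted access-list 110, in order.
# "host X" is written as wildcard 0.0.0.0; "any" as 255.255.255.255.
ACL_110 = [
    ("deny", "127.0.0.0", "0.255.255.255"),
    ("deny", "192.0.2.0", "0.0.0.255"),
    ("deny", "224.0.0.0", "31.255.255.255"),
    ("deny", "255.255.255.255", "0.0.0.0"),
    ("deny", "0.0.0.0", "0.0.0.0"),
    ("deny", "10.0.0.0", "0.255.255.255"),
    ("deny", "192.168.0.0", "0.0.255.255"),
    ("deny", "172.16.0.0", "0.15.255.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),
]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(src, base, wildcard):
    # A 0 bit in the wildcard means "must match"; a 1 bit means "ignore".
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(src) & care) == (to_int(base) & care)

def evaluate(src, acl=ACL_110):
    # First matching entry wins; returns (action, entry index).
    for index, (action, base, wildcard) in enumerate(acl):
        if wildcard_match(src, base, wildcard):
            return action, index
    return "deny", None  # implicit deny at the end of an IOS ACL

def covered_range(base, wildcard):
    # Lowest and highest address matched (valid for contiguous wildcards).
    care = ~to_int(wildcard) & 0xFFFFFFFF
    low = to_int(base) & care
    high = low | to_int(wildcard)
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(high))

if __name__ == "__main__":
    # Constructed sample source addresses.
    for src in ["10.1.2.3", "172.31.255.255", "172.32.0.1",
                "240.0.0.1", "255.255.255.255", "198.51.100.7"]:
        action, index = evaluate(src)
        print(f"{src:<16} {action:<6} entry {index}")
    print(covered_range("224.0.0.0", "31.255.255.255"))
```

Running it shows that the 224.0.0.0 31.255.255.255 entry already matches 255.255.255.255, so the later host 255.255.255.255 line never gets a hit.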


