A typical approach is to put a line at the top of an access list inbound on your net facing interface that blocks traffic with your LAN block of ips as the source, since traffic coming from the net should never have your LAN's IP as a source. It is also useful to block rfc 1918, aka private IP space as a source.
Brian
----- Original Message -----
From: Eric Chan
To: cisco-nsp@puck.nether.net
Sent: Thursday, February 08, 2001 9:01 PM
Subject: [nsp] ip spoofing prevention
i know we can use tcp intercept to prevent SYN flood
did anyone know any method to prevent ip spoofing in cisco ios ??
thanks
eric
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:27 EDT