Re: [nsp] ip spoofing prevention

From: Jared Mauch (jared@puck.nether.net)
Date: Fri Feb 09 2001 - 02:27:50 EST


        You can prevent ip spoofing in IOS by
using the "ip verify unicast reverse-path" command on routers that have
CEF enabled.

        - jared

On Fri, Feb 09, 2001 at 02:01:23AM -0500, Brian wrote:
> A typical approach is to put a line at the top of an access list inbound on your net facing interface that blocks traffic with your LAN block of ips as the source, since traffic coming from the net should never have your LAN's IP as a source. It is also useful to block rfc 1918, aka private IP space as a source.
>
> Brian
> ----- Original Message -----
> From: Eric Chan
> To: cisco-nsp@puck.nether.net
> Sent: Thursday, February 08, 2001 9:01 PM
> Subject: [nsp] ip spoofing prevention
>
>
> i know we can use tcp intercept to prevent SYN flood
> did anyone know any method to prevent ip spoofing in cisco ios ??
>
> thanks
>
> eric

-- 
Jared Mauch  | pgp key available via finger from jared@puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:27 EDT