Re: [nsp] ip spoofing prevention

From: Andrew (arousch@home.com)
Date: Fri Feb 09 2001 - 02:46:01 EST


That's great for single homed customers

At 02:27 AM 2/9/01 -0500, Jared Mauch wrote:
> You can prevent ip spoofing in IOS by
>using the "ip verify unicast reverse-path" command on routers that have
>CEF enabled.
>
> - jared
>
>On Fri, Feb 09, 2001 at 02:01:23AM -0500, Brian wrote:
> > A typical approach is to put a line at the top of an access list
> inbound on your net facing interface that blocks traffic with your LAN
> block of ips as the source, since traffic coming from the net should
> never have your LAN's IP as a source. It is also useful to block rfc
> 1918, aka private IP space as a source.
> >
> > Brian
> > ----- Original Message -----
> > From: Eric Chan
> > To: cisco-nsp@puck.nether.net
> > Sent: Thursday, February 08, 2001 9:01 PM
> > Subject: [nsp] ip spoofing prevention
> >
> >
> > i know we can use tcp intercept to prevent SYN flood
> > did anyone know any method to prevent ip spoofing in cisco ios ??
> >
> > thanks
> >
> > eric
>
>--
>Jared Mauch | pgp key available via finger from jared@puck.nether.net
>clue++; | http://puck.nether.net/~jared/ My statements are only mine.



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:27 EDT