[c-nsp] Anti-spoofing measures

Earls, Michael Michael.Earls at 53.com
Thu Apr 14 09:11:20 EDT 2005


Can someone send examples of ACLs used to block or prevent Anti-spoofing at the ISP edge.  

My ACL today:

!-- Deny RFC3330
access-list 110 deny ip 127.0.0.0 0.255.255.255 any
access-list 110 deny ip 192.0.2.0 0.0.0.255 any
access-list 110 deny ip 224.0.0.0 31.255.255.255 any
access-list 110 deny ip host 255.255.255.255 any
access-list 110 deny ip host 0.0.0.0 any
!-- Deny RFC1918
access-list 110 deny ip 10.0.0.0    0.255.255.255 any
access-list 110 deny ip 192.168.0.0 0.0.255.255 any
access-list 110 deny ip 172.16.0.0  0.15.255.255 any
!-- Deny ICMP
access-list 110 deny   icmp any any redirect
access-list 110 deny   icmp any any echo
access-list 110 deny   icmp any any traceroute
!-- Deny my IP prefixes
access-list 110 deny my IP Prefix
!-- Permit IP any any
access-list 110 permit ip any any
!

Thanks,

Michael 

PGP Info: KeyID 0x0DFD993C
Fingerprint F903 0325 5105 2CDB 4BF4 C88B 72F7 BA7A 28CC 598A 



This e-mail transmission contains information that is confidential and may be privileged.   It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated.



More information about the cisco-nsp mailing list