[c-nsp] Blocking Forged Source Addresses

Justin Shore justin at justinshore.com
Mon Jul 28 10:08:21 EDT 2008


Skeeve Stevens wrote:
> What is the best strategy to Block Forged Source Addresses on a Cisco border
> router?

Skeeve,

What specifically are you looking for?  How do you determine that the 
source traffic is forged?  Are you wanting to ensure that no traffic 
enters your network from the outside that claims to be from a source 
already inside of your network?  BOGONs?  Hijacked netblocks?  There's a 
lot of stuff to block.  uRPF is generally part of the solution but of 
course it depends on what you're trying to accomplish.

Justin

