IP address spoofing ACL

Unanswered Question
Feb 27th, 2008

Does anyone use an ACL like this?

access-list 100 deny ip 10.0.0.0 0.255.255.255 any log

access-list 100 deny ip 172.16.0.0 0.15.255.255 any log

access-list 100 deny ip 192.168.0.0 0.0.255.255 any log

access-list 100 deny ip host 255.255.255.255 any log

I have this on my border gateways and was wondering if it's still necessary. It's been a long time since I messed with these ACLs.

Jon Marshall Wed, 02/27/2008 - 07:26

Hi

Is this inbound on the outside interface of your border router? If so, I would leave it as is, as you should not be receiving packets with private addresses in these ranges.

Edit - could also be applied outbound as well, as you should not be sending packets with these source IP addresses onto the Internet.

Jon
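
Added example, not part of the original thread: a small Python model of how an extended ACL like the one in the question is evaluated against a packet's source address (wildcard-mask match, first match wins, implicit deny at the end). The final `permit ip any any` entry, the function names and the sample source addresses are assumptions constructed for illustration.

```python
import ipaddress

# The four entries from the question, plus a constructed final permit
# (assumption: the posted list is an excerpt of a longer ACL).
ACL_100 = """\
access-list 100 deny ip 10.0.0.0 0.255.255.255 any log
access-list 100 deny ip 172.16.0.0 0.15.255.255 any log
access-list 100 deny ip 192.168.0.0 0.0.255.255 any log
access-list 100 deny ip host 255.255.255.255 any log
access-list 100 permit ip any any
"""

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_source(tokens):
    """Return (base, wildcard) for a source spec: 'any', 'host A' or 'A W'."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF
    if tokens[0] == "host":
        return _to_int(tokens[1]), 0
    return _to_int(tokens[0]), _to_int(tokens[1])

def parse_acl(text):
    """Parse 'access-list N <action> ip <source> ...' lines, in order."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue  # skip anything this small model does not understand
        base, wildcard = parse_source(tokens[4:])
        entries.append((tokens[2], base, wildcard))
    return entries

def evaluate(entries, src):
    """First match wins; a wildcard bit set to 1 means 'ignore this bit'."""
    s = _to_int(src)
    for index, (action, base, wildcard) in enumerate(entries, start=1):
        if (s | wildcard) == (base | wildcard):
            return action, index
    return "deny", None  # implicit deny when no entry matches

if __name__ == "__main__":
    entries = parse_acl(ACL_100)
    # Constructed source addresses, including both edges of 172.16.0.0/12.
    for src in ["10.1.2.3", "172.15.255.255", "172.16.0.1", "172.31.255.255",
                "172.32.0.1", "192.168.1.1", "255.255.255.255", "198.51.100.7"]:
        print(src, evaluate(entries, src))
```

Evaluating only the four deny entries (`entries[:4]`) shows every source falling through to the implicit deny, which is why a list like this needs permit entries after the anti-spoofing lines.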
