IP address spoofing ACL

Feb 27th, 2008

Does anyone use an ACL like this?


access-list 100 deny ip 10.0.0.0 0.255.255.255 any log
access-list 100 deny ip 172.16.0.0 0.15.255.255 any log
access-list 100 deny ip 192.168.0.0 0.0.255.255 any log
access-list 100 deny ip host 255.255.255.255 any log


I have this on my border gateways and was wondering if it's still necessary. It's been a long time since I messed with these ACLs.

Jon Marshall Wed, 02/27/2008 - 07:26
Hi


Is this inbound on the outside interface of your border router? If so, I would leave it as is, as you should not be receiving packets with private addresses in these ranges.


Edit - could also be applied outbound as well, as you should not be sending packets with these source IP addresses onto the Internet.


Jon
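
An added example, not part of the original thread: a Python check that evaluates source addresses against the four entries from the question using Cisco wildcard-mask matching, to confirm exactly which sources the ACL drops. The trailing `permit ip any any` entry, the function names and the sample addresses are assumptions made for the example; destination and `log` are ignored because every entry uses `any`.

```python
import ipaddress

# Entries from the question, written with the "ip" protocol keyword.
POSTED = """\
access-list 100 deny ip 10.0.0.0 0.255.255.255 any log
access-list 100 deny ip 172.16.0.0 0.15.255.255 any log
access-list 100 deny ip 192.168.0.0 0.0.255.255 any log
access-list 100 deny ip host 255.255.255.255 any log
"""
# Assumption: a final permit follows the denies (not shown in the thread).
ACL = POSTED + "access-list 100 permit ip any any\n"


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_source(line):
    """Return (action, base, wildcard) for one 'access-list N <action> ip ...' entry."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip":
        raise ValueError(f"unsupported entry: {line!r}")
    action, src = tok[2], tok[4:]
    if src[0] == "host":        # "host A.B.C.D" is A.B.C.D with wildcard 0.0.0.0
        return action, to_int(src[1]), 0
    if src[0] == "any":         # "any" is 0.0.0.0 255.255.255.255
        return action, 0, 0xFFFFFFFF
    return action, to_int(src[0]), to_int(src[1])


def evaluate(acl_text, source_ip):
    """First match on source address wins; an ACL ends with an implicit deny."""
    addr = to_int(source_ip)
    for line in acl_text.strip().splitlines():
        action, base, wild = parse_source(line)
        care = ~wild & 0xFFFFFFFF   # wildcard bit 1 means "ignore this bit"
        if addr & care == base & care:
            return action, line
    return "deny", "implicit deny"


if __name__ == "__main__":
    # Constructed sample source addresses, including range boundaries.
    for ip in ("10.1.2.3", "172.15.255.255", "172.31.255.255",
               "172.32.0.1", "192.168.0.1", "255.255.255.255", "203.0.113.7"):
        action, rule = evaluate(ACL, ip)
        print(f"{ip:<16} {action:<7} {rule}")
```

Evaluating `POSTED` alone shows that, without a later permit entry, every source falls through to the implicit deny.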
