ASDM 6.1 and Antispoofing

Nov 4th, 2008

We recently upgraded to ASDM 6.1 and IOS 8.04 on an ASA 5520. I noticed while poking around the ASDM that under Firewall-->Advanced-->AntiSpoofing the interfaces say that Antispoofing is not enabled.

I thought on these Cisco ASAs that antispoofing is on by default. Is this feature related to something else? Any information would really help.

smahbub Mon, 11/10/2008 - 14:11

The feature is disabled by default and you have to enable the same when required. Antispoofing capabilities deployed throughout the network can reduce the likelihood of spoofed packet exploitation as well as aid in attack traceback. Antispoofing protection in the form of unicast Reverse Path Forwarding (uRPF) can provide limited mitigation if properly configured. This feature should not be relied upon to provide 100% mitigation since spoofed packets may still enter the network from the interface expected by uRPF. Care must be taken to ensure that the appropriate uRPF mode (loose or strict) is configured to ensure that legitimate packets are not dropped.
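
The strict and loose uRPF decisions described in the reply above, as an added example that is not part of the original thread and not Cisco's implementation: a simplified model that checks a packet's source address against a routing table. The routing table, interface names, addresses and the `allow_default` switch are constructed assumptions.

```python
import ipaddress

# Constructed routing table (prefix, egress interface); illustrative values only.
ROUTES = [
    ("10.1.0.0/16", "inside"),
    ("192.168.50.0/24", "dmz"),
    ("0.0.0.0/0", "outside"),
]

def candidate_routes(src, allow_default):
    """Routes that cover src, longest prefix first."""
    addr = ipaddress.ip_address(src)
    nets = [(ipaddress.ip_network(p), ifc) for p, ifc in ROUTES]
    hits = [(n, ifc) for n, ifc in nets
            if addr in n and (allow_default or n.prefixlen > 0)]
    return sorted(hits, key=lambda h: h[0].prefixlen, reverse=True)

def urpf_permits(src, in_if, mode, allow_default=True):
    """Simplified uRPF decision for a packet from src arriving on in_if."""
    hits = candidate_routes(src, allow_default)
    if not hits:
        return False                  # no route back to the source at all
    if mode == "loose":
        return True                   # a route via any interface is enough
    if mode == "strict":
        return hits[0][1] == in_if    # best route must point back out in_if
    raise ValueError(f"unknown mode: {mode}")

# Constructed packets: (description, source address, arrival interface)
PACKETS = [
    ("internal source seen on outside", "10.1.5.5", "outside"),
    ("arbitrary source on expected interface", "198.51.100.7", "outside"),
    ("dmz host arriving via inside (asymmetric path)", "192.168.50.10", "inside"),
]

def evaluate():
    """Return {description: (strict_result, loose_result)} for PACKETS."""
    return {d: (urpf_permits(s, i, "strict"), urpf_permits(s, i, "loose"))
            for d, s, i in PACKETS}

if __name__ == "__main__":
    for desc, (strict, loose) in evaluate().items():
        print(f"{desc:48} strict={strict!s:5} loose={loose}")
```

The second packet passes strict mode because the default route points out the interface it arrived on, which is the limitation the reply mentions; the third is legitimate traffic that strict mode drops when the return path is asymmetric.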

