IP spoofing mitigation

Answered Question
Dec 24th, 2008

Where to configure ACL to deny any traffic from the external network that has a source address that should reside on internal network? Does that include assigned public IPs?

Where to filter any outbound traffic that does not have the source address of IPs for the network?

Network: ISP router <>perimeter router<>firewall plus DMZ<>LAN switch.

Correct Answer by JORGE RODRIGUEZ about 8 years 3 weeks ago

You can filter at your perimeter router ingress interface.

Reference this link

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml

[edit]

By using an ACL at your perimeter router, using the link example above, you should have additional protection before an attacker even hits the firewall.

The firewall has anti-spoofing functionality; you should still reference this other link.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml#spoof

Regards

Rate any helpful posts

JORGE RODRIGUEZ Thu, 12/25/2008 - 07:23

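The ingress and egress filters asked about in this thread, sketched as an added example that is not part of the original posts or of the linked Cisco documents. Assumptions: 203.0.113.0/24 (a documentation range) stands in for the site's assigned public block, Serial0/0 is the perimeter router's ISP-facing interface, the firewall translates LAN hosts into the public block, and the ACL names are hypothetical.

```cisco
! Constructed example for the topology in the question:
! ISP router <> perimeter router <> firewall plus DMZ <> LAN switch.
!
! Ingress: drop packets arriving from the ISP whose source address could
! only legitimately originate inside the site.
ip access-list extended ANTISPOOF-IN
 remark RFC 1918 private ranges and loopback never arrive from the Internet
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
 deny   ip 127.0.0.0 0.255.255.255 any log
 remark Assumption: the assigned public block is never a valid outside source
 deny   ip 203.0.113.0 0.0.0.255 any log
 permit ip any any
!
! Egress: allow only packets sourced from the site's own block to leave,
! so hosts behind this router cannot emit spoofed traffic.
ip access-list extended ANTISPOOF-OUT
 remark Assumption: after NAT at the firewall, all sources fall in this block
 permit ip 203.0.113.0 0.0.0.255 any
 deny   ip any any log
!
! Apply both lists on the ISP-facing interface of the perimeter router.
interface Serial0/0
 ip access-group ANTISPOOF-IN in
 ip access-group ANTISPOOF-OUT out
```

Outbound ACLs on IOS do not filter packets the router itself originates, so the egress list only constrains traffic forwarded from the firewall side.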