
New Member

Anti Spoofing

I have an AIP-SSM-20 module on which I am in the process of upgrading the system images and the signatures.

I was wondering if someone could guide me in the right direction on how to configure an anti-spoofing policy on the sensor.

If you have some sample configs that I could look at or even if you can explain to me how to do it through the GUI I would really appreciate it.

2 REPLIES
Cisco Employee

Re: Anti Spoofing

If you mean Anti-IP spoofing, then it's typically applied on routing devices (firewalls, routers, L3 switches) and not on the firewall.

Unicast RPF is your friend on ASA.

Re: Anti Spoofing

Carlos,

It depends on what type of attack you are attempting to protect against. RPF will help you when a host spoofs an address on an interface where it should not live. For instance, if your internal network is 192.168.1.0/24 and a packet arrives on the outside of your firewall with a source address of 192.168.1.2, the appliance can drop the packet due to the information in its routing table. However, SYN floods from the Internet are a different matter. There is a mechanism on the IPS that can help you with this. Please see the document below for the SYN Cookie functionality of IPS Signature 3050/0.

https://supportforums.cisco.com/docs/DOC-11874

Thank you,
Blayne Dreier
Cisco TAC IDS Team

**Please check out our Podcast**
TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast
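
The reverse-path check described in the reply above, as an added example that is not part of the original thread and is not Cisco's implementation: a strict uRPF decision modelled in Python over a constructed routing table. The interface names `inside`/`outside` and the address 203.0.113.7 are assumptions; 192.168.1.0/24 and 192.168.1.2 are the values used in the post.

```python
import ipaddress

# Constructed routing table for the example firewall: (prefix, egress interface).
# 192.168.1.0/24 is the internal network from the post; interface names are assumed.
ROUTES = [
    ("192.168.1.0/24", "inside"),
    ("0.0.0.0/0", "outside"),  # default route toward the Internet
]

def build_table(routes):
    """Parse (prefix, interface) pairs into ip_network objects."""
    return [(ipaddress.ip_network(prefix), ifname) for prefix, ifname in routes]

def best_route(table, addr):
    """Longest-prefix match; returns (network, interface) or None if no route."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, ifname) for net, ifname in table if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)

def urpf_strict(table, src, ingress_if):
    """Strict reverse-path check: accept a packet only if the best route
    back to its source leaves through the interface it arrived on."""
    route = best_route(table, src)
    if route is None:
        return False, "no route to source"
    net, ifname = route
    if ifname != ingress_if:
        return False, f"source is in {net} via {ifname}, arrived on {ingress_if}"
    return True, f"reverse path via {ifname} matches"

TABLE = build_table(ROUTES)

# Constructed sample packets: (source address, ingress interface).
PACKETS = [
    ("192.168.1.2", "outside"),  # the spoofed case from the post
    ("192.168.1.2", "inside"),   # same address on its real segment
    ("203.0.113.7", "outside"),  # Internet source, covered by the default route
    ("203.0.113.7", "inside"),   # external source appearing on the inside
]

if __name__ == "__main__":
    for src, ifname in PACKETS:
        ok, why = urpf_strict(TABLE, src, ifname)
        print(f"{src:<14} on {ifname:<8} {'PASS' if ok else 'DROP'}  {why}")
```

The third packet passes because any Internet source matches the default route on the outside interface, which is why the reply treats SYN floods from the Internet as a separate problem from reverse-path filtering.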
