Spoofing IP and this scenario with standard ACL

I have got Router R1 with two Fast Ethernets (e0 and e1): network 172.168.2.0 is connected to e0, and network 172.168.1.0 is connected to e1.

I want to block all IP spoofing attacks originating on the 172.168.1.0 network (using a spoofed address outside the 172.168.1.0 range) from being sent into the 172.168.2.0 network.

However, all other traffic must be permitted.

The access list that has been applied to e1 as an input filter is:

access-list 1 permit 172.168.1.0 0.0.0.255

How can access-list 1 distinguish the real IP address (belonging to network 172.168.1.0) from the spoofed one? Because, as we know, the spoofed IP impersonates the real IP address.

3 REPLIES

Re: Spoofing IP and this scenario with standard ACL

You are correct; the router cannot distinguish between a genuine packet sourced from 172.168.1.x and a spoofed one.

However, spoofing like this limits the options of the spoofers to merely a DoS attack as the return path will not be reachable. They cannot make a connection to your destination network.

You could take a look at the Cisco Security Products (IPS) if you need more extensive filtering of packets.

Regards,

Leo


Re: Spoofing IP and this scenario with standard ACL

"DoS attack as the return path will not be reachable."

As you know, the scenario has applied the access list on interface E1 as an input filter (inbound). How does that affect the outbound traffic (return path)?


Re: Spoofing IP and this scenario with standard ACL

Recall:

"However, all other traffic must be permitted."

In the access list that I have mentioned, we did not satisfy the quoted phrase!!!
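To make the behaviour of the ACL in the original question concrete, here is an added example (my own code, not from the thread or from Cisco) that simulates how a standard ACL evaluates inbound packets on e1: source address only, wildcard-mask matching, first match wins, and the implicit "deny any" at the end that the last reply is pointing at. The sample source addresses are constructed for illustration.

```python
import ipaddress

# The standard ACL from the scenario, applied inbound on e1.
# A Cisco standard ACL matches on the source address only; the wildcard mask
# marks bits that must match (0) and bits that are ignored (1).
ACL_1 = [
    ("permit", "172.168.1.0", "0.0.0.255"),
]


def ip_to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(src: str, base: str, wildcard: str) -> bool:
    """True if src matches base under Cisco wildcard-mask semantics."""
    care_bits = ~ip_to_int(wildcard) & 0xFFFFFFFF  # 0.0.0.255 -> 0xFFFFFF00
    return (ip_to_int(src) & care_bits) == (ip_to_int(base) & care_bits)


def evaluate_standard_acl(acl, src: str) -> str:
    """Walk the ACL top to bottom; first matching entry decides."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"  # implicit "deny any" at the end of every IOS ACL


# Constructed sample packets arriving on e1. Only the source address is shown,
# because that is all a standard ACL can inspect.
SAMPLE_SOURCES = {
    "172.168.1.10": "legitimate host on 172.168.1.0/24",
    "172.168.1.200": "spoofed, but impersonates an address inside 172.168.1.0/24",
    "10.0.0.5": "spoofed, source outside 172.168.1.0/24",
    "172.168.2.7": "spoofed, source taken from the destination network",
}


def classify(acl=ACL_1, sources=SAMPLE_SOURCES) -> dict:
    """Return the ACL verdict for every sample source address."""
    return {src: evaluate_standard_acl(acl, src) for src in sources}


if __name__ == "__main__":
    for src, note in SAMPLE_SOURCES.items():
        print(f"{src:15} {evaluate_standard_acl(ACL_1, src):6} ({note})")
```

The output shows the two points made in the replies: a spoofed source inside 172.168.1.0/24 is indistinguishable from a real one and is permitted, while every source outside the range is dropped by the implicit deny, so nothing else is permitted inbound on e1 by this list.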
