With the above access list, which is built to allow HTTP services to get into the web server and which has a last statement that denies any other traffic coming into my web server, do I still need to build an access list that denies the following IP address ranges for anti-spoofing?
The line you have in your ACL will still allow traffic with any source address through, even invalid ones or ones that are actually on your internal network (spoofed packets). For example, I could create an HTTP packet sourced from one of your internal servers and destined to your internal WWW server, and it will get through your access list. To be honest though, it doesn't really matter, since the internal server that I spoof will simply drop the response packet from your HTTP server because it didn't send out the original.
I guess it depends on how secure you want to be. It certainly wouldn't hurt to add stuff like:
That is great info. Could you let me know a URL that I can visit to find out more detail about using ACLs to block spoofing attacks? I need to know more detail about how exactly to build an ACL to block them.
I think it can also be concluded that an ACL `deny ip any any` does not automatically secure your network by default. It very much depends on how your network is being attacked. Network spoofing is one of the typical examples.
Is there anywhere I can refer to regarding what the `deny any any` cannot do to help secure the network? I mean a more detailed understanding.
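To make the point of this thread concrete, here is an added example (not code from any poster) that models first-match ACL evaluation in Python and compares an inbound ACL with only an HTTP permit and a final `deny ip any any` against the same ACL with anti-spoofing denies placed first. The addresses, the internal prefix and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample addressing (documentation ranges), not taken from the thread.
WEB_SERVER = "203.0.113.10"
INTERNAL_NET = "203.0.113.0/24"
ANY = "0.0.0.0/0"

# Sources that should never arrive on the outside interface: unspecified,
# RFC 1918, loopback, link-local, multicast/reserved, and our own prefix.
ANTI_SPOOF = ["0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
              "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3", INTERNAL_NET]

def rule(action, proto, src, dst, port=None):
    return (action, proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), port)

def build_acl(anti_spoof):
    """Inbound ACL: optional anti-spoofing denies, HTTP permit, deny any any."""
    acl = [rule("deny", "ip", net, ANY) for net in ANTI_SPOOF] if anti_spoof else []
    acl.append(rule("permit", "tcp", ANY, WEB_SERVER + "/32", 80))
    acl.append(rule("deny", "ip", ANY, ANY))
    return acl

def evaluate(acl, proto, src, dst, port):
    """Return the action of the first matching entry (first match wins)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in acl:
        if r_proto not in ("ip", proto):
            continue
        if src in r_src and dst in r_dst and r_port in (None, port):
            return action
    return "deny"  # implicit deny at the end of every ACL

def compare(src, port=80):
    """Verdicts for one inbound TCP packet: (without, with) anti-spoofing."""
    return tuple(evaluate(build_acl(flag), "tcp", src, WEB_SERVER, port)
                 for flag in (False, True))

if __name__ == "__main__":
    for src in ("198.51.100.7", "203.0.113.25", "10.1.1.1", "127.0.0.1"):
        print(src, compare(src))
```

The final deny only catches traffic the permit line did not match, so a source address that should be impossible on the outside interface is stopped only when a deny for it appears before the permit.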