Cisco Support Community
Community Member


i want to know how spoofing and anti-spoofing happen , and how can i limit them...thx

Community Member

Re: anti-spoofing

you can limit spoofing by filtering your internal ethernet ports to allow only that network in... The source addresses should match the LAN address, if not drop em.

You also need to ensure that your external interfaces don't allow any internal IPs in as well as any 1918 addresses.

I think if every ISP filtered their inbound access ports, the world would be a better place. Well there's a start. There is so much you can do.

Community Member

Re: anti-spoofing

Spoofing happens when an untrusted user(s) poses to use the trusted network's address in order to gain entry to the trusted network. Also this applies to disgruntled employee(s) within the trusted network.

For anti-spoofing:

-Using inbound access lists to prevent IP address spoofing

-Using ANTI-SPOOF-OUT/IN in the access-group statement

Community Member

Re: anti-spoofing

Can you show/direct(to web site) where how to 'Spoof'. My intention is to convince my boss to get a FIREWALL, where with a simple demonstration on how easy to get into the network without a FIREWALL.

Or is there any other way that i can 'prove' to my boss? Method involve spending is definitely no no (you know how bosses think).

Appreciate you guidance.


CreatePlease to create content