IP spoofing mitigation

Where should I configure an ACL to deny any traffic from the external network that has a source address that should reside on the internal network? Does that include assigned public IPs?

Where should I filter any outbound traffic that does not have the source address of IPs for the network?

Network: ISP router <>perimeter router<>firewall plus DMZ<>LAN switch.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: IP spoofing mitigation

You can filter at your perimeter router ingress interface.

Reference this link

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml

[edit]

By using an ACL at your perimeter router, using the link example above, you should have additional protection before an attacker even hits the firewall.

The firewall has anti-spoofing functionality; you should still reference this other link.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml#spoof

Regards

Rate any helpful posts
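Added example, not part of the original thread or the linked Cisco documents: a perimeter-router ACL pair for the topology in the question, covering both the inbound case (internal and own-public sources arriving from outside) and the outbound case. The block 203.0.113.0/24 (a documentation range standing in for the assigned public IPs), the ACL names and the interface name are assumptions, and the outbound list assumes NAT is done on the firewall so that only public sources reach this router.

```cisco
! Added example. Assumptions, not taken from the thread:
!   203.0.113.0/24      placeholder for the site's assigned public block
!   GigabitEthernet0/0  perimeter router interface facing the ISP router
!   NAT happens on the firewall, so traffic reaching this router from the
!   inside already carries a source in the public block.
!
! Inbound from the ISP: drop packets whose source address could only
! legitimately originate inside the site or on a local host.
ip access-list extended ANTISPOOF-IN
 remark RFC 1918 private address space
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 remark loopback and link-local
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip 169.254.0.0 0.0.255.255 any
 remark the site's own public block must never arrive from outside
 deny   ip 203.0.113.0 0.0.0.255 any log
 remark everything else goes on to the firewall for policy checks
 permit ip any any
!
! Outbound to the ISP: only sources in the assigned block may leave.
! Anything else is spoofed or leaked un-NATed traffic; log it.
ip access-list extended ANTISPOOF-OUT
 permit ip 203.0.113.0 0.0.0.255 any
 deny   ip any any log
!
interface GigabitEthernet0/0
 description ISP-facing link (assumed interface name)
 ip access-group ANTISPOOF-IN in
 ip access-group ANTISPOOF-OUT out
```

Hits on the two `log` entries are worth watching: inbound matches indicate spoofed traffic from outside, while outbound matches point at a misconfigured or compromised internal host, or at traffic that bypassed NAT.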
