[13987] in North American Network Operators' Group
Re: Land and Cisco question
daemon@ATHENA.MIT.EDU (Owen DeLong)
Mon Nov 24 01:00:44 1997
Date: Sun, 23 Nov 1997 21:55:31 -0800
From: owen@DeLong.SJ.CA.US (Owen DeLong)
To: nanog@merit.edu, apb@iafrica.com
> Randy Bush said:
> > for each interface on a router
> > block tcp which is both to and from that interface
>
> I don't think that's sufficient. What about spoofed packets arriving via
> interface A, with IP source and destination both set to the address of
> interface B?
>
> --apb (Alan Barrett)
>
>
If you do it with an access-list in then it doesn't matter. Even a spoofed packet
will be blocked prior to arriving where it can do harm.
Owen
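
An added example, not part of the original thread: a small model of first-match inbound ACL evaluation that runs the packet Alan describes (arriving via interface A, source and destination both set to interface B's address) through two ways of writing the filter. The interface names, the addresses (documentation ranges), the rule layout and the function names are all assumptions made for illustration.

```python
from ipaddress import ip_address

# Constructed router: interface name -> address (documentation ranges).
INTERFACES = {"A": ip_address("192.0.2.1"), "B": ip_address("198.51.100.1")}
PERMIT_ALL = ("permit", None, None, None)  # None is a wildcard


def own_address_acl(ifname):
    """Reading 1: each interface denies TCP to and from its own address only."""
    addr = INTERFACES[ifname]
    return [("deny", "tcp", addr, addr), PERMIT_ALL]


def all_addresses_acl(ifname):
    """Reading 2: every interface denies TCP with src == dst == any router address."""
    return [("deny", "tcp", a, a) for a in INTERFACES.values()] + [PERMIT_ALL]


def inbound_action(acl_for, arrival_if, proto, src, dst):
    """First-match evaluation of the list bound inbound on the arrival interface."""
    packet = (proto, ip_address(src), ip_address(dst))
    for action, *fields in acl_for(arrival_if):
        if all(f is None or f == p for f, p in zip(fields, packet)):
            return action
    return "deny"  # implicit deny when nothing matches


# Constructed test packets: (label, arrival interface, proto, src, dst).
PACKETS = [
    ("land, same interface", "A", "tcp", "192.0.2.1", "192.0.2.1"),
    ("land, via other interface", "A", "tcp", "198.51.100.1", "198.51.100.1"),
    ("ordinary tcp to router", "A", "tcp", "203.0.113.7", "198.51.100.1"),
    ("udp, src == dst", "A", "udp", "192.0.2.1", "192.0.2.1"),
]


def evaluate(acl_for):
    """Return {label: action} for every constructed packet under one policy."""
    return {label: inbound_action(acl_for, *pkt) for label, *pkt in PACKETS}


if __name__ == "__main__":
    for policy in (own_address_acl, all_addresses_acl):
        print(policy.__name__)
        for label, action in evaluate(policy).items():
            print(f"  {action:6} {label}")
```

In this model the cross-interface packet is dropped at the arrival interface only when the inbound list covers every address the router owns; ordinary TCP to the router and non-TCP traffic are permitted under both lists.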