RE: IP Spoofing posted 06/29/2008
Just like with anything else, it depends what you are asked to do.
Configuring R2 to prevent spoofing on interface A could consist of:
A. Blocking inbound any traffic with a source that belong to R3 (or the
right side of R2).
B. Blocking outbound any traffic with a source of a network on R1 (or the
left side of R2).
c. Configuring urpf on the interface. (same general results as A)
It could be A and B, B and C, or just A, B, or C individually.
Make sure that you understand your possibilities. Just because one person
or vendor chooses a specific item and says "this is my solution for this
section", doesn't mean that is the correct answer if a similar question was
asked on the actual lab.
Marvin Greenlee, CCIE #12237 (R&S, SP, Sec)
Senior Technical Instructor - IPexpert, Inc.
Progress or excuses, which one are you making?
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
Sent: Sunday, June 29, 2008 12:56 AM
To: ccielab@xxxxxxxxxxxxxx; security@xxxxxxxxxxxxxx
Subject: IP Spoofing
for IP Spoofing is it enough to configure an acess-list with a deny
statement of our internal network address or do we need to configure
ip verify unicast reverse path as well.
Subscription information may be found at: