GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: IP Spoofing posted 06/29/2008
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Just like with anything else, it depends what you are asked to do.

R1----(intA)R2----R3

Configuring R2 to prevent spoofing on interface A could consist of:

A.  Blocking inbound any traffic with a source that belong to R3 (or the
right side of R2).
B.  Blocking outbound any traffic with a source of a network on R1 (or the
left side of R2).

c.  Configuring urpf on the interface. (same general results as A)


It could be A and B, B and C, or just A, B, or C individually.

Make sure that you understand your possibilities.  Just because one person
or vendor chooses a specific item and says "this is my solution for this
section", doesn't mean that is the correct answer if a similar question was
asked on the actual lab.

Marvin Greenlee, CCIE #12237 (R&S, SP, Sec)
Senior Technical Instructor - IPexpert, Inc.
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: mgreenlee@xxxxxxxxxxxx

Progress or excuses, which one are you making?
 


-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
ciscosec sec
Sent: Sunday, June 29, 2008 12:56 AM
To: ccielab@xxxxxxxxxxxxxx; security@xxxxxxxxxxxxxx
Subject: IP Spoofing

Hello,

for IP Spoofing is it enough to configure an acess-list with a deny
statement of our internal network address or do we need to configure
ip verify unicast reverse path as well.

Regards,


_______________________________________________________________________
Subscription information may be found at: 
http://www.groupstudy.com/list/CCIELab.html