cisco routers and ip spoofing


I am setting up two cisco 2621 routers. I am new to cisco routers but I have read the manuals. Is there anything special I have to do to prevent ip spoofing? i.e. preventing spoofed packets from leaving my network and preventing them from entering.


Reply to
Loading thread data ...

Very simple on the 'coming in' side. Simply put an access list on the external interface that blocks traffic with a source of a network that is on the internal side.

IE: Internet Pipe

Put an access list that denies to any from coming IN the external interface. This prevents someone from 'spoofing' your internal addressing and forwarding traffic into your router from the outside.

To be honest, its usually a good idea to ACL off all internal network addressing which should not be present in the internet.
Reply to

look for unicast reverse path forwarding.


Reply to
Maarten Carels Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.