Cisco routers and IP spoofing

Hello,

I am setting up two Cisco 2621 routers. I am new to Cisco routers but I have read the manuals. Is there anything special I have to do to prevent IP spoofing? I.e., preventing spoofed packets from leaving my network and preventing them from entering.

Thanks,

bofh1234

Very simple on the 'coming in' side. Simply put an access list on the external interface that blocks traffic with a source of a network that is on the internal side.

I.e.:

192.168.0.0 Internet Pipe

Put an access list that denies 192.168.0.0 255.255.255.0 to any from coming IN the external interface. This prevents someone from 'spoofing' your internal addressing and forwarding traffic into your router from the outside.

To be honest, it's usually a good idea to ACL off all internal network addressing which should not be present on the internet.

10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16

Trendkill

Look for unicast reverse path forwarding.

--maarten

Maarten Carels
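
The two approaches suggested in this thread (source-address ACLs and unicast reverse path forwarding), written out as an IOS configuration sketch. This is an added example, not posted by any participant. It assumes FastEthernet0/0 is the inside LAN carrying 192.168.0.0/24 and Serial0/0 is the Internet link; the interface names and ACL numbers 101 and 102 are assumptions.

```cisco
! Added example. Assumed: FastEthernet0/0 = inside LAN (192.168.0.0/24),
! Serial0/0 = Internet link. ACL numbers 101 and 102 are arbitrary.
! IOS ACLs take wildcard (inverse) masks: a /24 is written 0.0.0.255.
!
! From the Internet: drop packets that claim an inside or private source.
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 permit ip any any
!
! From the LAN: forward only packets sourced from the inside network and
! log everything else (a spoofing or misconfigured host).
! If hosts obtain DHCP leases through this router, add a permit for
! bootpc traffic from 0.0.0.0 ahead of the final deny.
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 102 deny   ip any any log
!
interface Serial0/0
 ip access-group 101 in
!
interface FastEthernet0/0
 ip access-group 102 in
!
! Unicast RPF alternative (requires CEF): a packet is dropped unless the
! route back to its source points out the interface it arrived on.
! Strict mode can drop legitimate traffic when routing is asymmetric,
! for example when two routers share the upstream paths.
ip cef
!
interface Serial0/0
 ip verify unicast reverse-path
!
interface FastEthernet0/0
 ip verify unicast reverse-path
```

After applying the ACLs, `show access-lists` displays per-entry match counters, which shows whether spoofed sources are actually being dropped.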
