Security Basics mailing list archives
RE: Border Router Question - Ingress Filtering
From: "DeGennaro, Gregory" <Gregory_DeGennaro () csaa com>
Date: Thu, 13 Nov 2003 12:43:05 -0800
Yes, this will take care of everything unless of course they spoof the permits or attack the established traffic like someone tried on me the other day ... They usually itemize the denies so there is better tracking, however this is not always necessary. I hope you have a big syslog server ... :-) --Greg -----Original Message----- From: erisk [mailto:erisk () iinet net au] Sent: Tuesday, November 11, 2003 11:12 PM To: security-basics () securityfocus com Subject: Border Router Question - Ingress Filtering Border routers ACL In rule Acl in permit tcp any host ***.***.***.**6 permit tcp any host ***.***.***.**5 permit tcp any host ***.***.***.**4 permit tcp any host ***.***.***.**3 deny ip any any log The firewall then filters on a port level. My question is if they are denying all IPs other that what is specified in the list is it necessary to then add the standard spoofing deny rules (ie drop localhost, mulicast, RFC1918 addresses etc)? This will be taken care of the deny ip any any rule would it not? --------------------------------------------------------------------------- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ----------------------------------------------------------------------------
Current thread:
- Border Router Question - Ingress Filtering erisk (Nov 13)
- RE: Border Router Question - Ingress Filtering David Gillett (Nov 14)
- Re: Border Router Question - Ingress Filtering Anders Reed-Mohn (Nov 14)
- <Possible follow-ups>
- RE: Border Router Question - Ingress Filtering DeGennaro, Gregory (Nov 14)
- Re: Border Router Question - Ingress Filtering Mitchell Rowton (Nov 14)
- RE: Border Router Question - Ingress Filtering DeGennaro, Gregory (Nov 17)