Security Basics mailing list archives

Re: Border Router Question - Ingress Filtering

From: "Anders Reed-Mohn" <anders_rm () utepils com>
Date: Fri, 14 Nov 2003 15:10:33 +0100

is it necessary to then add the standard spoofing deny rules


Yes, it is.

Note that in the rules you quote, you allow traffic from ANY.

In other words, spoofed traffic to the hosts 6, 5, 4 and 3
will get past this filter.

You should (I'd say MUST) use generic anti-spoofing rules, though,
not specific ones for these addresses.

Cheers,
Anders :)

---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 
----------------------------------------------------------------------------

Current thread:

Border Router Question - Ingress Filtering erisk (Nov 13)
- RE: Border Router Question - Ingress Filtering David Gillett (Nov 14)
- Re: Border Router Question - Ingress Filtering Anders Reed-Mohn (Nov 14)
- <Possible follow-ups>
- RE: Border Router Question - Ingress Filtering DeGennaro, Gregory (Nov 14)
- Re: Border Router Question - Ingress Filtering Mitchell Rowton (Nov 14)
- RE: Border Router Question - Ingress Filtering DeGennaro, Gregory (Nov 17)