nanog mailing list archives

Re: Land and Cisco question

From: owen () DeLong SJ CA US (Owen DeLong)
Date: Sun, 23 Nov 1997 21:55:31 -0800

Randy Bush said:

for each interface on a router
  block tcp which is both to and from that interface


I don't think that's sufficient.  What about spoofed packets arriving via
interface A, with IP source and destination both set to the address of
interface B? 

--apb (Alan Barrett)

If you do it with an access-list in then it doesn't matter.  Even a spoofed packet
will be blocked prior to arriving where it can do harm.

Owen

Current thread:

Re: Land and Cisco question, (continued)
- - - Re: Land and Cisco question Randy Bush (Nov 23)
    - why not peer with LS disabling networks ? Lyndon Levesley (Nov 23)
    - Re: why not peer with LS disabling networks ? John Hawkinson (Nov 23)
    - Re: why not peer with LS disabling networks ? Randy Bush (Nov 23)
    - Re: why not peer with LS disabling networks ? Paul Ferguson (Nov 24)
    - Re: why not peer with LS disabling networks ? Network Operations Center (Nov 24)
    - Re: why not peer with LS disabling networks ? John Hawkinson (Nov 24)
    - Re: why not peer with LS disabling networks ? Neil J. McRae (Nov 25)
    - Re: Land and Cisco question Dean Anderson (Nov 24)
    - Re: Land and Cisco question Greg A. Woods (Nov 24)
- Re: Land and Cisco question Owen DeLong (Nov 23)
  - Re: Land and Cisco question Joe Shaw (Nov 24)
- Re: Land and Cisco question Sean Donelan (Nov 24)