nanog mailing list archives
Re: Land and Cisco question
From: owen () DeLong SJ CA US (Owen DeLong)
Date: Sun, 23 Nov 1997 21:55:31 -0800
Randy Bush said:for each interface on a router block tcp which is both to and from that interfaceI don't think that's sufficient. What about spoofed packets arriving via interface A, with IP source and destination both set to the address of interface B? --apb (Alan Barrett)
If you do it with an access-list in then it doesn't matter. Even a spoofed packet will be blocked prior to arriving where it can do harm. Owen
Current thread:
- Re: Land and Cisco question, (continued)
- Re: Land and Cisco question Randy Bush (Nov 23)
- why not peer with LS disabling networks ? Lyndon Levesley (Nov 23)
- Re: why not peer with LS disabling networks ? John Hawkinson (Nov 23)
- Re: why not peer with LS disabling networks ? Randy Bush (Nov 23)
- Re: why not peer with LS disabling networks ? Paul Ferguson (Nov 24)
- Re: why not peer with LS disabling networks ? Network Operations Center (Nov 24)
- Re: why not peer with LS disabling networks ? John Hawkinson (Nov 24)
- Re: why not peer with LS disabling networks ? Neil J. McRae (Nov 25)
- Re: Land and Cisco question Dean Anderson (Nov 24)
- Re: Land and Cisco question Greg A. Woods (Nov 24)
- Re: Land and Cisco question Joe Shaw (Nov 24)