nanog mailing list archives

Re: Land and Cisco question


From: Joe Shaw <jshaw () insync net>
Date: Mon, 24 Nov 1997 02:17:12 -0600 (CST)


On Sun, 23 Nov 1997, Owen DeLong wrote:


Randy Bush said:
for each interface on a router
  block tcp which is both to and from that interface

I don't think that's sufficient.  What about spoofed packets arriving via
interface A, with IP source and destination both set to the address of
interface B? 

--apb (Alan Barrett)


If you do it with an access-list in then it doesn't matter.  Even a spoofed packet
will be blocked prior to arriving where it can do harm.

Owen

Like the cat in the hat, but I think I follow.  I'll come back to this
when I'm well and hopefully I'll actually get what you're saying.  This
flu is killer.

Wait...  Ok.  So I could still kill external links, regardless of source
routing.  I was only thinking of internal links.  If I'm still wrong,
somebody let me know.

Joe Shaw - jshaw () insync net
NetAdmin - Insync Internet Services.
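
The case raised in the thread (a spoofed packet arriving via interface A with source and destination both set to the address of interface B) can be checked against two readings of the filter. The following is an added example, not part of the original messages. The interface names, addresses, sample packets and both rule functions are constructed assumptions, and neither reading is attributed to any poster.

```python
from ipaddress import ip_address

# Constructed router: interface name -> interface address (documentation ranges).
INTERFACES = {"A": ip_address("192.0.2.1"), "B": ip_address("198.51.100.1")}

def per_interface_rule(in_if, proto, src, dst):
    """Reading 1: inbound on each interface, drop TCP whose source and
    destination are both that interface's own address."""
    own = INTERFACES[in_if]
    return proto == "tcp" and src == own and dst == own

def all_addresses_rule(in_if, proto, src, dst):
    """Reading 2: inbound on every interface, drop TCP whose source and
    destination are the same address and it is any of the router's own."""
    return proto == "tcp" and src == dst and dst in INTERFACES.values()

def evaluate(rule, packets):
    """Return 'drop' or 'permit' for each (in_if, proto, src, dst) tuple."""
    return ["drop" if rule(i, p, ip_address(s), ip_address(d)) else "permit"
            for i, p, s, d in packets]

# Constructed sample traffic, in arrival order.
PACKETS = [
    ("A", "tcp", "192.0.2.1", "192.0.2.1"),        # via A, src = dst = A
    ("A", "tcp", "198.51.100.1", "198.51.100.1"),  # via A, src = dst = B
    ("A", "tcp", "203.0.113.7", "198.51.100.1"),   # ordinary TCP to B
    ("B", "udp", "198.51.100.1", "198.51.100.1"),  # not TCP, outside both rules
]

if __name__ == "__main__":
    for name, rule in (("per-interface", per_interface_rule),
                       ("all-addresses", all_addresses_rule)):
        print(name, evaluate(rule, PACKETS))
```

The two readings differ only on the second packet: a filter that matches just the receiving interface's address permits it, while an inbound filter listing every router address drops it before it is processed.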


