From: mgreenlee@ipexpert.com
Date: Sun Jun 29 2008 - 02:45:31 ART
Just like with anything else, it depends what you are asked to do.
R1----(intA)R2----R3
Configuring R2 to prevent spoofing on interface A could consist of:
A. Blocking inbound any traffic with a source that belong to R3 (or the
right side of R2).
B. Blocking outbound any traffic with a source of a network on R1 (or the
left side of R2).
c. Configuring urpf on the interface. (same general results as A)
It could be A and B, B and C, or just A, B, or C individually.
Make sure that you understand your possibilities. Just because one person
or vendor chooses a specific item and says "this is my solution for this
section", doesn't mean that is the correct answer if a similar question was
asked on the actual lab.
Marvin Greenlee, CCIE #12237 (R&S, SP, Sec)
Senior Technical Instructor - IPexpert, Inc.
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: mgreenlee@ipexpert.com
Progress or excuses, which one are you making?
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ciscosec sec
Sent: Sunday, June 29, 2008 12:56 AM
To: ccielab@groupstudy.com; security@groupstudy.com
Subject: IP Spoofing
Hello,
for IP Spoofing is it enough to configure an acess-list with a deny
statement of our internal network address or do we need to configure
ip verify unicast reverse path as well.
Regards,
This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:23 ART