RE: IP Spoofing

From: Ramy Sisy (ramysisy@inspiredmaster.com)
Date: Sun Jun 29 2008 - 11:29:10 ART


I agree with Marvin and Muhammad Nasim, plus I need to add some other ideas
here:
You can stop IP spoofing in tons of ways, for example:
PBR (Black Hole), NBAR, VACL, VLAN Access-maps, Policing, CAR, RTBH, uRPF,
CBAC, TCP Intercept, ACL ... It all depends :)

There are tons of tools to protect Cisco networks, and I usually recommend
that my CCIE candidates understand how to play with each security feature to
be able to stop any kind of attack, "whatever it is".
I believe it will be more important than memorizing each attack.

BEST REGARDS,

RAMY SISY, CCIE X 2 (SECURITY, ROUTING/SWITCHING)#17321, CCSI#30417
CCIE PROGRAM MANAGER

INSPIRED MASTER
                        INSPIRING CREATIVE THINKING ....

WWW.INSPIREDMASTER.COM
E. RAMYSISY@INSPIREDMASTER.COM

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
mgreenlee@ipexpert.com
Sent: Saturday, June 28, 2008 10:46 PM
To: 'ciscosec sec'; ccielab@groupstudy.com; security@groupstudy.com
Subject: RE: IP Spoofing

Just like with anything else, it depends what you are asked to do.

R1----(intA)R2----R3

Configuring R2 to prevent spoofing on interface A could consist of:

A. Blocking inbound any traffic with a source that belongs to R3 (or the
right side of R2).
B. Blocking outbound any traffic with a source of a network on R1 (or the
left side of R2).
C. Configuring uRPF on the interface. (same general results as A)

It could be A and B, B and C, or just A, B, or C individually.

Make sure that you understand your possibilities. Just because one person
or vendor chooses a specific item and says "this is my solution for this
section", doesn't mean that is the correct answer if a similar question was
asked on the actual lab.

Marvin Greenlee, CCIE #12237 (R&S, SP, Sec)
Senior Technical Instructor - IPexpert, Inc.
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: mgreenlee@ipexpert.com

Progress or excuses, which one are you making?
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ciscosec sec
Sent: Sunday, June 29, 2008 12:56 AM
To: ccielab@groupstudy.com; security@groupstudy.com
Subject: IP Spoofing

Hello,

For IP spoofing, is it enough to configure an access-list with a deny
statement of our internal network address, or do we need to configure
ip verify unicast reverse path as well?

Regards,



This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:23 ART
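
A small model of options A and C from Marvin Greenlee's reply, added here as an example and not part of the original thread. It evaluates an inbound ACL and a strict uRPF check on R2's interface A against the same source addresses. The prefixes, the interface name intB, the sample addresses and all function names are constructed assumptions.

```python
import ipaddress

# Constructed FIB for R2 in the thread's diagram  R1----(intA)R2----R3.
# Prefixes and the name "intB" are assumptions, not taken from the thread.
FIB = {
    ipaddress.ip_network("10.1.0.0/16"): "intA",  # networks behind R1
    ipaddress.ip_network("10.3.0.0/16"): "intB",  # networks behind R3
}

def fib_lookup(addr):
    """Longest-prefix match; returns the egress interface or None."""
    ip = ipaddress.ip_address(addr)
    matches = [net for net in FIB if ip in net]
    if not matches:
        return None
    return FIB[max(matches, key=lambda net: net.prefixlen)]

def acl_option_a(src):
    """Option A: inbound on intA, deny sources that live on the R3 side."""
    ip = ipaddress.ip_address(src)
    right_side = [net for net, ifc in FIB.items() if ifc != "intA"]
    return not any(ip in net for net in right_side)

def strict_urpf(src, in_if="intA"):
    """Option C: permit only if the best route back to src leaves via in_if."""
    return fib_lookup(src) == in_if

def compare(sources):
    """Map each source to (ACL permits?, strict uRPF permits?)."""
    return {s: (acl_option_a(s), strict_urpf(s)) for s in sources}

# Constructed packets arriving on intA: a genuine R1-side host, a source
# claiming an R3-side address, and a source with no route in the FIB.
SAMPLES = ["10.1.5.9", "10.3.7.7", "192.0.2.50"]

if __name__ == "__main__":
    for src, (acl, urpf) in compare(SAMPLES).items():
        print(f"{src:12} ACL-A={'permit' if acl else 'deny':6} "
              f"uRPF={'permit' if urpf else 'deny'}")
```

The two checks agree on the first two sources. They differ on the third: the ACL only denies the prefixes it lists, while strict uRPF also drops a source that has no route back through the receiving interface.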