Re: IP Spoofing

From: ciscosec sec (cciesecurityccie@gmail.com)
Date: Sun Jun 29 2008 - 12:52:16 ART


But what if I am asked to protect backbone users connected to my
network from spoofing? In that case should I just configure an
access-list denying the backbone network outbound, because in this case
there is no use configuring uRPF...

On 6/29/08, Ramy Sisy <ramysisy@inspiredmaster.com> wrote:
> I agree with Marvin and Muhammad Nasim, plus I need to add some other ideas
> here:
> You can stop IP spoofing in tons of ways, for example:
> PBR (Black Hole), NBAR, VACL, VLAN Access-maps, Policing, CAR, RTBH, uRPF,
> CBAC, TCP Intercept, ACL ... It all depends :)
>
> There are tons of tools to protect Cisco Networks and usually I recommend my
> CCIE candidates to understand how to play with each security feature to be
> able to stop any kind of attack "whatever it is".
> I believe it will be more important than memorizing each attack.
>
>
> BEST REGARDS,
>
> RAMY SISY, CCIE X 2 (SECURITY, ROUTING/SWITCHING)#17321, CCSI#30417
> CCIE PROGRAM MANAGER
>
> INSPIRED MASTER
> INSPIRING CREATIVE THINKING ....
>
> WWW.INSPIREDMASTER.COM
> E. RAMYSISY@INSPIREDMASTER.COM
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> mgreenlee@ipexpert.com
> Sent: Saturday, June 28, 2008 10:46 PM
> To: 'ciscosec sec'; ccielab@groupstudy.com; security@groupstudy.com
> Subject: RE: IP Spoofing
>
> Just like with anything else, it depends what you are asked to do.
>
> R1----(intA)R2----R3
>
> Configuring R2 to prevent spoofing on interface A could consist of:
>
> A. Blocking inbound any traffic with a source that belongs to R3 (or the
> right side of R2).
> B. Blocking outbound any traffic with a source of a network on R1 (or the
> left side of R2).
>
> C. Configuring uRPF on the interface. (same general results as A)
>
>
> It could be A and B, B and C, or just A, B, or C individually.
>
> Make sure that you understand your possibilities. Just because one person
> or vendor chooses a specific item and says "this is my solution for this
> section", doesn't mean that is the correct answer if a similar question was
> asked on the actual lab.
>
> Marvin Greenlee, CCIE #12237 (R&S, SP, Sec)
> Senior Technical Instructor - IPexpert, Inc.
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> Mailto: mgreenlee@ipexpert.com
>
> Progress or excuses, which one are you making?
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> ciscosec sec
> Sent: Sunday, June 29, 2008 12:56 AM
> To: ccielab@groupstudy.com; security@groupstudy.com
> Subject: IP Spoofing
>
> Hello,
>
> For IP spoofing, is it enough to configure an access-list with a deny
> statement of our internal network address, or do we need to configure
> ip verify unicast reverse path as well?
>
> Regards,
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
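
Options A, B and C from Marvin Greenlee's reply, modelled for R2's interface A as an added example that is not part of the original thread. The addresses, the second interface name `intB` and the packet set are constructed assumptions, and option C models strict-mode uRPF.

```python
import ipaddress

# Constructed addressing (assumption, not from the thread).
R1_SIDE = ipaddress.ip_network("192.0.2.0/24")     # reached via intA
R3_SIDE = ipaddress.ip_network("198.51.100.0/24")  # reached via intB (hypothetical name)
FIB = {R1_SIDE: "intA", R3_SIDE: "intB"}

def lookup(addr):
    """Longest-prefix match in R2's FIB; returns an interface name or None."""
    ip = ipaddress.ip_address(addr)
    matches = [net for net in FIB if ip in net]
    return FIB[max(matches, key=lambda n: n.prefixlen)] if matches else None

def forwarded(src, dst, in_if, checks):
    """True if R2 forwards the packet with the given checks applied on intA."""
    out_if = lookup(dst)
    if out_if is None:
        return False  # no route to the destination
    s = ipaddress.ip_address(src)
    # A: inbound ACL on intA denies sources that belong to the R3 side.
    if "A" in checks and in_if == "intA" and s in R3_SIDE:
        return False
    # B: outbound ACL on intA denies sources that belong to the R1 side.
    if "B" in checks and out_if == "intA" and s in R1_SIDE:
        return False
    # C: strict uRPF on intA: the route back to the source must point out intA.
    if "C" in checks and in_if == "intA" and lookup(src) != "intA":
        return False
    return True

# Constructed packets: name -> (source, destination, ingress interface on R2).
PACKETS = {
    "legit R1->R3": ("192.0.2.10", "198.51.100.20", "intA"),
    "legit R3->R1": ("198.51.100.20", "192.0.2.10", "intB"),
    "R1 side spoofs R3-side source": ("198.51.100.99", "198.51.100.20", "intA"),
    "R1 side spoofs unrouted source": ("203.0.113.5", "198.51.100.20", "intA"),
    "R3 side spoofs R1-side source": ("192.0.2.99", "192.0.2.10", "intB"),
}

def dropped_by(checks):
    """Names of the sample packets R2 drops with this combination of options."""
    return sorted(n for n, p in PACKETS.items() if not forwarded(*p, checks))

if __name__ == "__main__":
    for combo in ("A", "B", "C", "AB", "BC"):
        print(combo, dropped_by(combo))
```

In this model C drops everything A drops plus sources with no route back through the interface. Neither A nor C touches the packet that B covers, because that packet never arrives on interface A.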



This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:23 ART