From: Ramy Sisy (ramysisy@inspiredmaster.com)
Date: Sun Jun 29 2008 - 13:32:04 ART
Agree, but I recommend you read the questions carefully, and of course you
will find a specific keyword to guide you to which feature you have to use.
For example, if you are talking about backbone security, it probably has
something to do with BGP security.
Sometimes you have to follow best practice, and here you need experience to
configure extra features just to meet best practices, like configuring uRPF
with blackhole routing with BGP; the combination is a feature under the name
of Source-based BGP Blackhole Routing.
http://www.google.com/url?sa=t&ct=res&cd=1&url=http%3A%2F%2Fwww.arbornetworks.com%2Findex.php%3Foption%3Dcom_docman%26task%3Ddoc_download%26gid%3D112&ei=jLdnSM30GoKOsQPxn9HADQ&usg=AFQjCNGhV5Pn2ydpykT-rFblVXYOrN07ZQ&sig2=DCP-jAvchOmzAGz2NXV_pA
Or you may use uRPF to make sure that the destination router has the source
address's network in its routing table before forwarding the traffic.
http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_i3.html#wp1027259
BEST REGARDS,
RAMY SISY, CCIE X 2 (SECURITY, ROUTING/SWITCHING)#17321, CCSI#30417
CCIE PROGRAM MANAGER
INSPIRED MASTER
INSPIRING CREATIVE THINKING ....
WWW.INSPIREDMASTER.COM
E. RAMYSISY@INSPIREDMASTER.COM
-----Original Message-----
From: ciscosec sec [mailto:cciesecurityccie@gmail.com]
Sent: Sunday, June 29, 2008 8:52 AM
To: Ramy Sisy
Cc: mgreenlee@ipexpert.com; ccielab@groupstudy.com; security@groupstudy.com
Subject: Re: IP Spoofing
But what if I am asked to protect backbone users connected to my
network from spoofing? In that case should I just configure an
access-list denying the backbone network outbound, because in this case
there is no use configuring uRPF...
On 6/29/08, Ramy Sisy <ramysisy@inspiredmaster.com> wrote:
> I agree with Marvin and Muhammad Nasim, plus I need to add some other ideas
> here:
> You can stop IP spoofing in tons of ways, like for example:
> PBR (Black Hole), NBAR, VACL, VLAN Access-maps, Policing, CAR, RTBH, uRPF,
> CBAC, TCP Intercept, ACL ......, It all depends :)
>
> There are tons of tools to protect Cisco Networks, and usually I recommend my
> CCIE candidates to understand how to play with each security feature to be
> able to stop any kind of attack "whatever it is".
> I believe it will be more important than memorizing each attack.
>
>
> BEST REGARDS,
>
> RAMY SISY, CCIE X 2 (SECURITY, ROUTING/SWITCHING)#17321, CCSI#30417
> CCIE PROGRAM MANAGER
>
> INSPIRED MASTER
> INSPIRING CREATIVE THINKING ....
>
> WWW.INSPIREDMASTER.COM
> E. RAMYSISY@INSPIREDMASTER.COM
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> mgreenlee@ipexpert.com
> Sent: Saturday, June 28, 2008 10:46 PM
> To: 'ciscosec sec'; ccielab@groupstudy.com; security@groupstudy.com
> Subject: RE: IP Spoofing
>
> Just like with anything else, it depends what you are asked to do.
>
> R1----(intA)R2----R3
>
> Configuring R2 to prevent spoofing on interface A could consist of:
>
> A. Blocking inbound any traffic with a source that belongs to R3 (or the
> right side of R2).
> B. Blocking outbound any traffic with a source of a network on R1 (or the
> left side of R2).
>
> C. Configuring uRPF on the interface. (same general results as A)
>
>
> It could be A and B, B and C, or just A, B, or C individually.
>
> Make sure that you understand your possibilities. Just because one person
> or vendor chooses a specific item and says "this is my solution for this
> section", doesn't mean that is the correct answer if a similar question was
> asked on the actual lab.
>
> Marvin Greenlee, CCIE #12237 (R&S, SP, Sec)
> Senior Technical Instructor - IPexpert, Inc.
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> Mailto: mgreenlee@ipexpert.com
>
> Progress or excuses, which one are you making?
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> ciscosec sec
> Sent: Sunday, June 29, 2008 12:56 AM
> To: ccielab@groupstudy.com; security@groupstudy.com
> Subject: IP Spoofing
>
> Hello,
>
> For IP spoofing, is it enough to configure an access-list with a deny
> statement of our internal network address, or do we need to configure
> ip verify unicast reverse path as well?
>
> Regards,
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:23 ART
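The configurations discussed in the thread, written out as an added example against Marvin's R1----(intA)R2----R3 topology. This is not anyone's posted config; the interface names, the 10.1.0.0/16 (R1 side), 10.3.0.0/16 (R3 side), 192.168.12.0/24 link and 203.0.113.77 blackholed-source addresses are all constructed for illustration. It shows options A, B and C on R2's intA, and, after them, the loose-mode uRPF plus Null0 route that Ramy's "Source-based BGP Blackhole Routing" relies on (the /32 is shown as a local static route; in the BGP variant that route is learned from a trigger router instead).

```cisco
! Added example, constructed addressing. R2 as seen from Marvin's diagram:
!   R1 ---- Fa0/0 (intA) R2 Fa0/1 ---- R3
!   R1 side networks: 10.1.0.0/16, link to R1: 192.168.12.0/24
!   R3 side networks: 10.3.0.0/16
!
! Option A: inbound on intA, drop packets that arrive from R1 claiming an
! R3-side source (they cannot legitimately originate on the R1 side).
ip access-list extended ANTISPOOF-IN
 remark A - drop R3-side sources arriving from R1
 deny   ip 10.3.0.0 0.0.255.255 any log
 permit ip any any
!
! Option B: outbound on intA, drop packets heading toward R1 that claim an
! R1-side source (spoofed from the R3 side).
ip access-list extended ANTISPOOF-OUT
 remark B - drop R1-side sources leaving toward R1
 deny   ip 10.1.0.0 0.0.255.255 any log
 deny   ip 192.168.12.0 0.0.0.255 any log
 permit ip any any
!
interface FastEthernet0/0
 description intA - toward R1
 ip address 192.168.12.2 255.255.255.0
 ip access-group ANTISPOOF-IN in
 ip access-group ANTISPOOF-OUT out
 ! Option C: strict uRPF. A packet is dropped unless the best route back to
 ! its source points out this same interface, which gives the same general
 ! result as option A without listing the R3-side prefixes by hand.
 ip verify unicast source reachable-via rx
!
! Ramy's second point: loose-mode uRPF on the R3/upstream side plus a route
! to Null0 for an offending source. Loose mode only requires *a* route to the
! source; a route to Null0 fails the check, so traffic from that source is
! dropped at the edge. In the BGP-triggered version this /32 comes from a
! trigger router rather than being typed in locally (assumption: static here).
interface FastEthernet0/1
 description toward R3 / upstream
 ip verify unicast source reachable-via any
!
ip route 203.0.113.77 255.255.255.255 Null0
```

Check the result with `show ip interface FastEthernet0/0`, which reports the uRPF mode configured on the interface and its verification drop counter; the `log` keyword on the deny entries also makes spoofed packets visible in the log. The caveat a practitioner should keep in mind with option C is that strict mode (`reachable-via rx`) assumes symmetric routing: if replies to an R3-side network can legitimately return over intA, strict uRPF drops them and loose mode (`reachable-via any`) is the safer choice there.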