|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Land and Cisco question
> Randy Bush said: > > for each interface on a router > > block tcp which is both to and from that interface > > I don't think that's sufficient. What about spoofed packets arriving via > interface A, with IP source and destination both set to the address of > interface B? > > --apb (Alan Barrett) > > If you do it with an access-list in then it doesn't matter. Even a spoofed packet will be blocked prior to arriving where it can do harm. Owen
|