Land and Cisco question

Mailman List Mirror (Read Only)
1

Randy Bush said:
> for each interface on a router
> block tcp which is both to and from that interface

I don't think that's sufficient. What about spoofed packets arriving via
interface A, with IP source and destination both set to the address of
interface B?

--apb (Alan Barrett)

If you do it with an access-list in then it doesn't matter. Even a spoofed packet
will be blocked prior to arriving where it can do harm.

Owen

2

Like the cat in the hat, but I think I follow. I'll come back to this
when I'm well and hopefully I'll actually get what you're saying. This
flu is killer.

Wait... Ok. So I could still kill external links, regardless of source
routing. I was only thinking of internal links. If I'm still wrong,
somebody let me know.

Joe Shaw - jshaw@insync.net
NetAdmin - Insync Internet Services.