North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Land and Cisco question
On Sun, 23 Nov 1997, Owen DeLong wrote: > > > Randy Bush said: > > > for each interface on a router > > > block tcp which is both to and from that interface > > > > I don't think that's sufficient. What about spoofed packets arriving via > > interface A, with IP source and destination both set to the address of > > interface B? > > > > --apb (Alan Barrett) > > > > > If you do it with an access-list in then it doesn't matter. Even a spoofed packet > will be blocked prior to arriving where it can do harm. > > Owen Like the cat in the hat, but I think I follow. I'll come back to this when I'm well and hopefully I'll actually get what you're saying. This flu is killer. Wait... Ok. So I could still kill external links, regardless of source routing. I was only thinking of internal links. If I'm still wrong, somebody let me know. Joe Shaw - firstname.lastname@example.org NetAdmin - Insync Internet Services.