Land and Cisco question

Joe Shaw jshaw at insync.net
Sun Nov 23 15:17:56 UTC 1997


On Sun, 23 Nov 1997, Alan Barrett wrote:

> Randy Bush said:
> > for each interface on a router
> >   block tcp which is both to and from that interface
> 
> I don't think that's sufficient.  What about spoofed packets arriving via
> interface A, with IP source and destination both set to the address of
> interface B? 
> 
> --apb (Alan Barrett)

no ip source-route should fix it.

Joe Shaw - jshaw at insync.net
NetAdmin - Insync Internet Services
Up WAY too early on a Sunday... :)




More information about the NANOG mailing list