
Can Compatible Systems device filters be configured to prevent IP spoofing?


A. “The best method of preventing the IP spoofing problem is to install a filtering router that restricts the input to your external interface (known as an input filter) by not allowing a packet through if it has a source address from your internal network…” says CERT in an advisory.

Yes. The only routers that do not support IP packet filters are the 1000R and 3000E. In order to prevent spoofing, you want two rules that look like this:

    deny x.x.x.0/24 0.0.0.0 IP
    permit 0.0.0.0 0.0.0.0 IP

Where x.x.x.0/24 is your Class C address. (This assumes you have an entire Class C.) This is a limited filter set. The last rule is to permit all other traffic since the default mechanism of the filtering function is to drop all packets not specifically permitted by the filter rules on a port.
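The following is an added example, not Compatible Systems code or part of the original answer: a small Python model of the two-rule input filter, showing why the final permit rule is needed alongside the deny rule. It assumes the rule fields are action, source, destination and protocol, that a bare 0.0.0.0 means "any address", and that the first matching rule wins; 192.0.2.0/24 is a constructed stand-in for x.x.x.0/24.

```python
import ipaddress

def _net(text):
    # Assumption: a bare 0.0.0.0 is a wildcard meaning "any address".
    if text == "0.0.0.0":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(text)

def parse_rule(line):
    """Parse 'action source destination protocol' (field order is assumed)."""
    action, src, dst, proto = line.split()
    return action.lower(), _net(src), _net(dst), proto.upper()

def evaluate(rules, src, dst):
    """Return 'permit' or 'deny' for an IP packet arriving on the external port."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, proto in rules:
        # Assumption: rules are checked top to bottom and the first match wins.
        if proto == "IP" and src_ip in src_net and dst_ip in dst_net:
            return action
    # Default stated in the answer: drop anything not specifically permitted.
    return "deny"

INTERNAL = "192.0.2.0/24"  # constructed stand-in for x.x.x.0/24

ANTI_SPOOF = [parse_rule(f"deny {INTERNAL} 0.0.0.0 IP"),
              parse_rule("permit 0.0.0.0 0.0.0.0 IP")]
DENY_ONLY = ANTI_SPOOF[:1]  # the same filter with the final permit left out

def demo():
    # Constructed packets seen on the external interface: (source, destination)
    packets = [("192.0.2.50", "192.0.2.10"),    # claims an internal source address
               ("198.51.100.7", "192.0.2.10")]  # ordinary outside source address
    return {name: [evaluate(rules, s, d) for s, d in packets]
            for name, rules in (("anti_spoof", ANTI_SPOOF),
                                ("deny_only", DENY_ONLY))}

if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, verdicts)
```

With both rules the packet claiming an internal source is dropped and the ordinary packet passes; with the deny rule alone, the default drop also blocks the legitimate packet.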
