Tracking stealth portscan/pepsi attacks

Previous message: Tracking stealth portscan/pepsi attacks

Next message: Tracking stealth portscan/pepsi attacks

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Leigh Porter leigh at insnet.net
Thu Sep 2 12:46:02 CEST 1999

"Gert Doering, Netmaster" wrote:

> Hi,
>
> On Thu, Sep 02, 1999 at 10:44:39AM +0100, Leigh Porter wrote:
> > As a side note, does anybody use anything to prevent address spoofing in their
> > network? That would at prevent a lot of attacks completly and make tracing the
> > rest much easier.
>
> Sure we do.
>
> On our ingress interfaces to our customers, we have very strict access
> lists ("permit ip <customer net> any / deny ip any any log").

How do you manage large BGP customers with lots of networks?
I would also be interested to know performance hits on the routers
for this.

I do recall soemthing Cisco implemented that checked you have a route back to
any source address that comes in on a suitably configured interface else it'll
drop the packet as being spoofed, this soulds good - anybody tried it?

--
Leigh

Previous message: Tracking stealth portscan/pepsi attacks

Next message: Tracking stealth portscan/pepsi attacks

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ lir-wg Archives ]