Tracking stealth portscan/pepsi attacks
Leigh Porter leigh at insnet.net
Thu Sep 2 12:46:02 CEST 1999
"Gert Doering, Netmaster" wrote: > Hi, > > On Thu, Sep 02, 1999 at 10:44:39AM +0100, Leigh Porter wrote: > > As a side note, does anybody use anything to prevent address spoofing in their > > network? That would at prevent a lot of attacks completly and make tracing the > > rest much easier. > > Sure we do. > > On our ingress interfaces to our customers, we have very strict access > lists ("permit ip <customer net> any / deny ip any any log"). How do you manage large BGP customers with lots of networks? I would also be interested to know performance hits on the routers for this. I do recall soemthing Cisco implemented that checked you have a route back to any source address that comes in on a suitably configured interface else it'll drop the packet as being spoofed, this soulds good - anybody tried it? -- Leigh
[ lir-wg Archives ]