Date: Mon, 24 Jun 1996 06:48:42 -0700 (PDT) From: "Eric J. Schwertfeger" <ejs@bfd.com> To: "Jordan K. Hubbard" <jkh@time.cdrom.com> Cc: Guido van Rooij <guido@gvr.win.tue.nl>, security@FreeBSD.org Subject: Re: I need help on this one - please help me track this guy down! Message-ID: <Pine.BSI.3.94.960624063803.29842A-100000@harlie.bfd.com> In-Reply-To: <10326.835597770@time.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 23 Jun 1996, Jordan K. Hubbard wrote: > > Do you have anti-spoof filter rules in your backbone router? If not > > install them. If so, please add packets coming in from localhost > > How do you install such things on a cisco 2500? :-) Seriously, if > there's a way then I can get someone from cisco to help me out, but I > first need to know that it's even a reasonable request. Very simply, considering what most people refer to as anti-spoof filters are filters that make sure internal addresses aren't coming in on an external interface. On our 2500, the very first incoming rule on the serial port that goes to our T1 is "deny anything that has a source address within our class C address." Now I get to add 127.0.0.0 :-) This way, if we see an address on the internal networks that has our Class C address (or our 192.168.X.X addresses), we know it was generated internally, so if it is a hack attempt, we've already been breeched. If there are better anti-spoofing filters, I'm not aware of them, and will gladly listen. If you need any more help than the explanation (If you know Cisco filtering rules, the rest is simple), feel free to email me.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.3.94.960624063803.29842A-100000>