On Sun, Jan 27, 2002 at 11:53:45PM -0500, Stanislav N. Vardomskiy wrote: > On Sun, 27 Jan 2002, Bugtraq Mailing Lists wrote: > > > you should start implementing ingress filtering on your routers > > so that this spoofed attack will not happen again by your end users. <snip> > As you should be a good internet denisen and not spew crap onto the > backbone that might cause problems, you probably should filter egress as > well. Simplest egress filter would be: <snip> > P.S. This is not meant to be a replacement for someone with Cisco skill - > there are many clued in people out there that are jobless at the moment, > and last time I tried to write a comprehensive instructions for Cisco > security for our IX, I got in no-nonsense way informed that I really > should not take the bread and butter from the CCIEs, least I want my > employer to be packeted/nullrouted off the face of the internet. There's an even more comprehensive story about egress filtering at http://www.incidents.org/protect/egress.php and at the Cisco site: http://www.cisco.com/warp/public/707/newsflash.html -- patrick oonk - pine internet - patrickat_private - www.pine.nl/~patrick T:+31-70-3111010 - F:+31-70-3111011 - Read news at http://security.nl PGPID 155C3934 fp DD29 1787 8F49 51B8 4FDF 2F64 A65C 42AE 155C 3934 Excuse of the day: We're on Token Ring, and it looks like the token got loose. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jan 28 2002 - 10:52:09 PST