nanog mailing list archives

Re: Land and Cisco question

From: Dean Anderson <dean () av8 com>
Date: Mon, 24 Nov 1997 19:38:49 -0500

At 4:54 AM -0500 11/23/97, Alan Barrett wrote:

Randy Bush said:

for each interface on a router
  block tcp which is both to and from that interface


I don't think that's sufficient.  What about spoofed packets arriving via
interface A, with IP source and destination both set to the address of
interface B?


In this case the packets must eventually be transmitted via interface B and
Interface B transmit rules should take care of that.

                --Dean


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
           Plain Aviation, Inc                  dean () av8 com
           LAN/WAN/UNIX/NT/TCPIP          http://www.av8.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Current thread:

Re: Land and Cisco question, (continued)
- - - Re: Land and Cisco question Alan Barrett (Nov 23)
    - Re: Land and Cisco question Joe Shaw (Nov 23)
    - Re: Land and Cisco question Randy Bush (Nov 23)
    - why not peer with LS disabling networks ? Lyndon Levesley (Nov 23)
    - Re: why not peer with LS disabling networks ? John Hawkinson (Nov 23)
    - Re: why not peer with LS disabling networks ? Randy Bush (Nov 23)
    - Re: why not peer with LS disabling networks ? Paul Ferguson (Nov 24)
    - Re: why not peer with LS disabling networks ? Network Operations Center (Nov 24)
    - Re: why not peer with LS disabling networks ? John Hawkinson (Nov 24)
    - Re: why not peer with LS disabling networks ? Neil J. McRae (Nov 25)
    - Re: Land and Cisco question Dean Anderson (Nov 24)
    - Re: Land and Cisco question Greg A. Woods (Nov 24)
- Re: Land and Cisco question Owen DeLong (Nov 23)
  - Re: Land and Cisco question Joe Shaw (Nov 24)
- Re: Land and Cisco question Sean Donelan (Nov 24)