CCNA Security: ACLs to Prevent IP Spoofing

IP Spoofing techniques are a means to obtain unauthorized access to computer technology, that is, the attacker through the pseudo-IP addresses to send information to the computer and displays the information from the real host. Cause pseudo-IP technology has a variety of attack types, as follows:

IP spoofing is a difficult problem to tackle, because it is related to the IP packet structure. IP packets can be exploited in several ways. Because attackers can hide their identity with IP spoofing, they can make several network attacks. Although there is no easy solution for the IP spoofing problem, you can apply some simple proactive and reactive methods at the nodes, and use the Routers in the network to help detect a spoofed packet and trace it back to its originating source.

To learn about this, we will look at a Cisco Router configured with an ACL

IP Address Spoofing Mitigation: Inbound

Router(config)#access-list 150 deny ip 10.2.1.0 0.0.0.255 any log
Router(config)#access-list 150 deny ip 0.0.0.0 0.255.255.255 any log
Router(config)#access-list 150 deny ip 127.0.0.0 0.255.255.255 any log
Router(config)#access-list 150 deny ip 172.16.0.0 0.15.255.255 any log
Router(config)#access-list 150 deny ip 192.168.0.0 0.0.255.255 any log
Router(config)#access-list 150 deny ip 224.0.0.0 15.255.255.255 any log
Router(config)#access-list 150 deny ip host 255.255.255.255 any log
Router(config)#access-list 150 deny ip any 10.2.1.0 0.0.0.255

Apply the ACL to the interface.

Router(config)#int fa0/0
Router(config-if)#ip access-group 150 in
Router(config-if)#exit

IP Address Spoofing Mitigation: Outbound

Router(config)#access-list 105 permit ip 10.2.1.0 0.0.0.255 any
Router(config)#access-list 105 deny ip any any log