Border Router Question - Ingress Filtering

From: erisk (erisk_at_iinet.net.au)
Date: 11/12/03

Next message: Nick Warr: "Re: email gateway (transparent)"

Previous message: David Fore: "RE: trusted & untrusted ports"
Next in thread: David Gillett: "RE: Border Router Question - Ingress Filtering"
Reply: David Gillett: "RE: Border Router Question - Ingress Filtering"
Maybe reply: DeGennaro, Gregory: "RE: Border Router Question - Ingress Filtering"
Reply: Anders Reed-Mohn: "Re: Border Router Question - Ingress Filtering"
Maybe reply: Mitchell Rowton: "Re: Border Router Question - Ingress Filtering"
Maybe reply: DeGennaro, Gregory: "RE: Border Router Question - Ingress Filtering"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <security-basics@securityfocus.com>
Date: Wed, 12 Nov 2003 15:11:59 +0800

Border routers ACL In rule

Acl in
permit tcp any host ***.***.***.**6
permit tcp any host ***.***.***.**5
permit tcp any host ***.***.***.**4
permit tcp any host ***.***.***.**3
deny ip any any log

The firewall then filters on a port level.

My question is if they are denying all IPs other that what is specified in
the list is it necessary to then add the standard spoofing deny rules (ie
drop localhost, mulicast, RFC1918 addresses etc)? This will be taken care of
the deny ip any any rule would it not?

---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to
simplify the management and deployment of PGP and reduce overall PGP costs
by up to 80%.
FREE WHITEPAPER & 30 Day Trial -
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
----------------------------------------------------------------------------

Next message: Nick Warr: "Re: email gateway (transparent)"

Previous message: David Fore: "RE: trusted & untrusted ports"
Next in thread: David Gillett: "RE: Border Router Question - Ingress Filtering"
Reply: David Gillett: "RE: Border Router Question - Ingress Filtering"
Maybe reply: DeGennaro, Gregory: "RE: Border Router Question - Ingress Filtering"
Reply: Anders Reed-Mohn: "Re: Border Router Question - Ingress Filtering"
Maybe reply: Mitchell Rowton: "Re: Border Router Question - Ingress Filtering"
Maybe reply: DeGennaro, Gregory: "RE: Border Router Question - Ingress Filtering"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Border Router Question - Ingress Filtering
... Generaly you should block RFC1918, localhost, etc... ... the list is it necessary to then add the standard spoofing deny rules ... PGP / XML GATEWAY APPLIANCE ...
(Security-Basics)
RE: Border Router Question - Ingress Filtering
... you are permitting any host and any TCP connection ... access to the listed hosts. ... the list is it necessary to then add the standard spoofing deny rules (ie ... PGP / XML GATEWAY APPLIANCE ...
(Security-Basics)
Re: PGP protection
... pgp trash troll delete ... >> Do you also know that it's impossible for you to deny having signed ... "feature" pgp offers. ... Anybody can sign their postings with your ...
(comp.os.linux.misc)