Ref: SPOOFING [7:52585]

2002-09-02 Thread Eng. ABDALLAH QUQAS

Dear ALL,

How can I see if somebody is spoofing the access list applied on the router, or
how can I test whether spoofing the access list can be done?


Regards




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52585&t=52585
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Ref: SPOOFING [7:52585]

2002-09-03 Thread McHugh Randy

Just put the keyword log behind your access list and check your log.
deny ip host 10.1.1.1 any log
deny ip 127.0.0.0 0.255.255.255 any log
deny ip 169.254.0.0 0.0.255.255 any log
deny ip 172.16.0.0 0.15.255.255 any log
deny ip 192.168.0.0 0.0.255.255 any log
deny ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255 log
deny ip any 255.255.255.0 0.0.0.255 log
As for how to go out and find the real source address of the entity that is
trying to spoof you, I haven't figured that one out yet, but I am sure there
is a way.
I am getting hit by someone on the 10 network:
1w4d: %SYS-5-CONFIG_I: Configured from console by console
1w4d: %SEC-6-IPACCESSLOGP: list 199 denied udp 10.78.0.1(67) -> 255.255.255.255(68), 2 packets
but it's just a BOOTP broadcast on port 67, not a real spoofing attack.
HTH
Randy


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=52601&t=52585
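
Added example, not part of the original posts: one way to triage the %SEC-6-IPACCESSLOGP entries that the "log" keyword produces, separating the BOOTP broadcast described in the reply from denies whose source falls in the ranges the posted ACL blocks. The 10.0.0.0/8 range and every sample line except the first are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Source ranges that should never arrive on an Internet-facing interface.
# Taken from the ACL in the post; 10.0.0.0/8 is an assumption based on the
# "10 network" log entry (the posted ACL line only names host 10.1.1.1).
BOGON_SOURCES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]

LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?")

def classify(m):
    """Label one parsed deny entry."""
    src = ipaddress.ip_address(m["src"])
    # BOOTP/DHCP server reply: UDP 67 -> 68 to the limited broadcast address.
    if (m["proto"] == "udp" and m["sport"] == "67" and m["dport"] == "68"
            and m["dst"] == "255.255.255.255"):
        return "bootp-broadcast"
    if any(src in net for net in BOGON_SOURCES):
        return "bogon-source"
    return "other-deny"

def triage(lines):
    """Return packet totals keyed by (label, source address)."""
    totals = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if m:  # non-ACL lines such as %SYS-5-CONFIG_I are skipped
            totals[(classify(m), m["src"])] += int(m["count"])
    return totals

# First line is the entry quoted in the post; the rest are constructed samples.
SAMPLE = [
    "1w4d: %SEC-6-IPACCESSLOGP: list 199 denied udp 10.78.0.1(67) -> 255.255.255.255(68), 2 packets",
    "1w4d: %SEC-6-IPACCESSLOGP: list 199 denied tcp 192.168.5.9(4312) -> 203.0.113.10(80), 1 packet",
    "1w4d: %SEC-6-IPACCESSLOGP: list 199 denied tcp 192.168.5.9(4313) -> 203.0.113.10(80), 4 packets",
    "1w4d: %SEC-6-IPACCESSLOGP: list 199 denied tcp 198.51.100.7(1042) -> 203.0.113.10(23), 3 packets",
    "1w4d: %SYS-5-CONFIG_I: Configured from console by console",
]

if __name__ == "__main__":
    for (label, src), pkts in sorted(triage(SAMPLE).items()):
        print(f"{label:16} {src:15} {pkts} packets")
```

Entries labelled bogon-source are the ones worth following up; the parser only handles the TCP/UDP log format shown in the post.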