24 Nov
1997
24 Nov
'97
12:55 a.m.
Randy Bush said:
for each interface on a router block tcp which is both to and from that interface
I don't think that's sufficient. What about spoofed packets arriving via interface A, with IP source and destination both set to the address of interface B?
--apb (Alan Barrett)
If you do it with an access-list in then it doesn't matter. Even a spoofed packet will be blocked prior to arriving where it can do harm. Owen