Home page logo

basics logo Security Basics mailing list archives

Re: Border Router Question - Ingress Filtering
From: "Mitchell Rowton" <mrowton () bdo com>
Date: Thu, 13 Nov 2003 16:37:23 -0500

RFC1918 addresses could theoreticaly connect to the hosts you listed
(they would be part of "any")
Generaly you should block RFC1918, localhost, etc...  to be a nice
internet neighbor.

Mitchell Rowton

"erisk" <erisk () iinet net au> 11/12/03 02:11AM >>>
Border routers ACL In rule

Acl in
permit tcp any host ***.***.***.**6
permit tcp any host ***.***.***.**5
permit tcp any host ***.***.***.**4
permit tcp any host ***.***.***.**3
deny ip any any log

The firewall then filters on a port level.

My question is if they are denying all IPs other that what is specified
the list is it necessary to then add the standard spoofing deny rules
drop localhost, mulicast, RFC1918 addresses etc)? This will be taken
care of
the deny ip any any rule would it not?

The contents of this email and any attachments to it may contain privileged and confidential information from BDO 
Seidman, LLP.  This information is only for the viewing or use of the intended recipient.  If you are not the intended 
recipient, you are hereby notified that any disclosure, copying, distribution or use of, or the taking of any action in 
reliance upon, the information contained in this e-mail, or any of the attachments to this e-mail, is strictly 
prohibited and that this e-mail and all of the attachments to this e-mail, if any, must be immediately returned to BDO 
Seidman, LLP or destroyed and, in either case, this e-mail and all attachments to this e-mail must be immediately 
deleted from your computer without making any copies thereof.  If you have received this e-mail in error, please notify 
BDO Seidman, LLP by e-mail immediately.

The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]