Cisco: Spoof detection

Spoofing is a kind of network attack to compromise your network security with the intention of traffic capture which will enable an attacker to get access to confidential data. Usually a spoof attach is associated with IP spoofing, which means that the source IP of the packet which arrive to your device has been changed with intention. For example, let’s assume that you are having a plain http communication with mail server and you want to login to your mail account. You sent the intial TCP connection to the real IP of the mail server. If in this moment an attacker can spoof the traffic and reply to your machine with a fake source IP (pretending that it’s the IP address of the mail server), then the next packets (including packets which contain login/password) will be sent to the attacker machine.

The spoof detection configuration on Cisco is very simple (at least the methods that I know), but I said to put it here maybe somebody need it. We have 2 routers connected with a crosslink cable, as we need IP address on interface and interface to be UP in order to do the “show…” verification.

Please see the tutorial below:

Published by

Calin

Calin is a network engineer, with more than 20 years of experience in designing, installing, troubleshooting, and maintaining large enterprise WAN and LAN networks.

2 thoughts on “Cisco: Spoof detection”

  1. Pingback: Binary Insanity

Any opinion on this post? Please let me know:

This site uses Akismet to reduce spam. Learn how your comment data is processed.