Task 6.2 Alternate solution
So I have circled back to lab 1 to go through 1-10 pre lab & hopefully I am now spotting better ways to do things. What do you good people think to this:
To help prevent this type of attack in the future configure your network so
that traffic will not be accepted from BB1, BB2, or BB3 if it is sourced from
your address space 183.X.0.0/16.
ip access-list extended SYN_ATTACK
deny ip 126.96.36.199 0.0.255.255 any
permit tcp any host 188.8.131.52 eq www syn log-input
permit ip any any
Ok, yes I agree for the Switch this is the only option (they don't support my solution), but for the routers I went with this tack:
ip verify unicast source reachable-via rx
Same result right? Or have I overlooked one small detail as usual, the point that may trip me up here is this:
tx = Examines incoming packets to determine whether the source address is in
the FIB and permits the packet only if the source is reachable through
the interface on which the packet was received (sometimes referred to as
The above may break something if I were to have an odd design where I receive a packet from say BGP AS100 & my local policy is to send back to this AS via AS200 (i.e. I have to route internally)?
I think my answer is valid, I am just picking holes in it, well because that's what we're here for, right?
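
Added example, not part of the original post: a small Python model that compares the anti-spoofing ACL with the strict check of `ip verify unicast source reachable-via rx`, including the AS100/AS200 asymmetric case raised above. The FIB entries, interface names, sample packets and the choice of X=1 for 183.X.0.0/16 are all constructed assumptions.

```python
import ipaddress

# Constructed FIB for the example: prefix -> interface of the best route.
# Interface names are hypothetical; 183.1.0.0/16 assumes X=1.
FIB = {
    "183.1.0.0/16": "inside",       # own address space
    "203.0.113.0/24": "to_AS100",   # best path via AS100
    "198.51.100.0/24": "to_AS200",  # local policy prefers AS200 for return traffic
}
OWN_SPACE = ipaddress.ip_network("183.1.0.0/16")


def fib_lookup(addr):
    """Longest-prefix match; returns the best-route interface, or None if no route."""
    ip = ipaddress.ip_address(addr)
    matches = [(ipaddress.ip_network(p), i) for p, i in FIB.items()
               if ip in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


def acl_permits(src):
    """ACL on an external interface: deny sources inside our own space, permit the rest."""
    return ipaddress.ip_address(src) not in OWN_SPACE


def urpf_strict_permits(src, in_if):
    """reachable-via rx: permit only if the best route back to src uses in_if."""
    return fib_lookup(src) == in_if


# Constructed packets: (source address, receiving interface, description)
PACKETS = [
    ("183.1.5.5", "to_AS100", "spoofed own-space source"),
    ("203.0.113.9", "to_AS100", "symmetric path"),
    ("198.51.100.7", "to_AS100", "asymmetric: arrives via AS100, returns via AS200"),
    ("192.0.2.1", "to_AS100", "source with no route in the FIB"),
]


def compare():
    """Returns (src, in_if, acl_verdict, urpf_verdict) per packet; True means permit."""
    return [(s, i, acl_permits(s), urpf_strict_permits(s, i)) for s, i, _ in PACKETS]


if __name__ == "__main__":
    for (s, i, acl, urpf), (_, _, why) in zip(compare(), PACKETS):
        print(f"{s:14} in={i:9} acl={acl!s:5} urpf_strict={urpf!s:5} {why}")
```

In this model the two checks agree on the spoofed and symmetric packets and diverge on the last two, which the ACL permits and the strict check drops.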