Unless you have a reason to do otherwise (which you would already know):
On upstream and peering interfaces: Outgoing ACL --- Accept your and your customers' public IP prefixes Drop all else Inbound ACL --- Drop your IP addresses ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Mark - Myakka Technologies" <[email protected]> To: "AnimalFarm Microwave Users Group" <[email protected]> Sent: Monday, October 12, 2020 4:49:18 PM Subject: [AFMUG] Brigham Young University's Internet Measurement and Anti-Abuse Laboratory I got an e-mail from BYU about IP Spoofing. Looks like they ran some testing during December 2019. "The intent of the experiment was to determine the pervasiveness of networks failing to filter spoofed incoming traffic appearing to originate from within their own networks." Apparently they are going to present the results of this experiment at the Internet Measurement Conference (IMC) 2020 at the end of this month. They sent me the e-mail being my AS failed their test. The e-mail was very well written with proper english and spelling. They weren’t asking me for anything, just giving me a heads up. I didn't have any filters in my firewall preventing this, but popped a couple in to see what they caught. Well I am seeing random packets coming in from the outside world with my IP addresses as the source. Looks like they are looking for DNS servers being all traffic so far has been UDP 53. I now have these Firewall rules in place. Is there any reason why I won't want to block these request. I can not think of any valid reason for someone to spoof my IP on incoming packets. -- Thanks, Mark mailto:[email protected] Myakka Technologies, Inc. www.Myakka.com -- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
-- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
