Ingress and Egress Filtering with ACLs

IP spoofing is when an attacker changes the source IP address of packets to hide their true origin. By changing the source address in this manner, an attacker might, for example, carry out a DoS, man-in-the-middle or SYN flooding attack, all of which can wreck your network while placing the integrity of your data at risk.
Ingress filtering (outlined in RFC 3704, an update to RFC 2827) can be performed using an ACL on the outside interface of the edge router or firewall, which checks the source IP address of all incoming packets and drops any packet whose source address belongs to the IPv4 private address ranges (outlined in RFC 1918). Egress filtering is simply the opposite: it prevents packets with IPv4 private addresses from exiting the network.
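
The filtering described above, written as a Cisco IOS configuration sketch. This is an added example, not configuration from the original article; the ACL names and the interface `GigabitEthernet0/0` (assumed to be the outside, Internet-facing interface) are assumptions.

```cisco
! Added example. ACL names and the interface name are assumptions.
!
! Ingress: drop packets arriving from outside with an RFC 1918 source.
ip access-list extended ANTISPOOF-IN
 remark Private sources must never arrive from the outside
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
 permit ip any any
!
! Egress: drop packets that would leave with an RFC 1918 source.
ip access-list extended ANTISPOOF-OUT
 remark Private sources must never exit the network
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
 permit ip any any
!
! Bind both lists to the outside interface, one per direction.
interface GigabitEthernet0/0
 description Outside (assumed name)
 ip access-group ANTISPOOF-IN in
 ip access-group ANTISPOOF-OUT out
!
! Check the per-entry hit counters afterwards with:
!   show ip access-lists ANTISPOOF-IN
!   show ip access-lists ANTISPOOF-OUT
```

The wildcard masks are the inverse of the RFC 1918 prefix lengths (/8, /12 and /16), and the final `permit ip any any` is needed because every ACL ends with an implicit deny.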


Router on a Stick

While I was studying for the CCNA exam I came across a topic known as 802.1q trunk to router, which is also commonly referred to as router-on-a-stick or ROAS. This being a vital topic for the exam, I wanted to write this how-to article in hopes that it aids others in their studies.

Simply put, if you have multiple VLANs and you wish for hosts to communicate with one another, then you need to implement a layer 3 device such as a router to perform routing between the VLANs.

Routing in this scenario is easily accomplished by implementing ROAS. Make sure you have the following
