https://community.cisco.com/t5/network-security/anti-spoofing/m-p/1448434#M67040 <P>I have an AIP-SSM-20 module that I am in the process of upgrading the system images and the signatures.</P><P>I was wondering if someone could guide me in the right direction on how to configure an anti-spoofing policy on the sensor.</P><P>If you have some sample configs that I could look at or even if you can explain to me how to do it through the GUI I would really appreciate it.</P> Sun, 10 Mar 2019 12:02:43 GMT cdetirado 2019-03-10T12:02:43Z https://community.cisco.com/t5/network-security/anti-spoofing/m-p/1448434#M67040 <P>I have an AIP-SSM-20 module that I am in the process of upgrading the system images and the signatures.</P><P>I was wondering if someone could guide me in the right direction on how to configure an anti-spoofing policy on the sensor.</P><P>If you have some sample configs that I could look at or even if you can explain to me how to do it through the GUI I would really appreciate it.</P> Sun, 10 Mar 2019 12:02:43 GMT https://community.cisco.com/t5/network-security/anti-spoofing/m-p/1448434#M67040 cdetirado 2019-03-10T12:02:43Z https://community.cisco.com/t5/network-security/anti-spoofing/m-p/1448435#M67045 <HTML><HEAD></HEAD><BODY><P>If you mean Anti-IP spoofing -</P><P>then it's typically applied on routing devices (firewalls, routers, L3 switches) and not on the firewall.</P><P>Unicast RPF is your friend on ASA.</P></BODY></HTML> Fri, 02 Jul 2010 23:37:37 GMT https://community.cisco.com/t5/network-security/anti-spoofing/m-p/1448435#M67045 Marcin Latosiewicz 2010-07-02T23:37:37Z https://community.cisco.com/t5/network-security/anti-spoofing/m-p/1448436#M67049 <HTML><HEAD></HEAD><BODY><P>Carlos,</P><P></P><P>It depends on what type of attack you are attempting to protect against. RPF will help you when a host spoofs an address on an interface where it should not live. For instance, if your internal network is 192.168.1.0/24 and a packet arrives on the outside of your firewall with a source address of 192.168.1.2, the appliance can drop the packet due to the information in its routing table. However, SYN floods from the Internet are a different matter. There is a mechanism on the IPS that can help you with this. Please see the document below for the SYN Cookie functionality of IPS Signature 3050/0.</P><P></P><P><A href="https://community.cisco.com/docs/DOC-11874">https://supportforums.cisco.com/docs/DOC-11874</A></P><P></P><P>Thank you,<BR />Blayne Dreier<BR />Cisco TAC IDS Team</P><P></P><P>**Please check out our Podcast**<BR /><SPAN>TAC Security Show: </SPAN><A class="jive-link-external-small" href="http://www.cisco.com/go/tacsecuritypodcast">http://www.cisco.com/go/tacsecuritypodcast</A></P></BODY></HTML> Sun, 04 Jul 2010 21:46:05 GMT https://community.cisco.com/t5/network-security/anti-spoofing/m-p/1448436#M67049 Christopher Dreier 2010-07-04T21:46:05Z