The following commands were executed on the perimeter router. The Fa1/0 interface in the router is the external interface.

Last Updated on August 1, 2021 by Admin 1

300-410 Part 08 Q04 096

What will be the effect of these commands?

  • all traffic will be blocked incoming
  • traffic sourced from private IP addresses will be blocked incoming
  • traffic destined for private IP addresses will be allowed incoming
  • no traffic will be blocked incoming
Explanation:
All traffic will be blocked incoming. While it appears on the surface that this list was designed to block incoming traffic sourced from private IP addresses, it is lacking a single permit statement. Due to the implied deny all at the end of the list, no traffic will be allowed incoming.

Blocking incoming traffic from private IP addresses is a way to prevent IP spoofing, since there should be no reason for traffic from private IP addresses to be incoming from the Internet. However, you need to include a permit statement at the end to allow all other traffic types.

Traffic destined for private IP addresses is not all that will be blocked by this command set. In fact, no traffic would be allowed. If there were a permit ip any any at the end of the list in the scenario, then incoming traffic destined for private IP addresses would be allowed, which is probably not a great idea either.
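The first-match and implied-deny behavior described in the explanation can be checked with a small evaluator. This is an added example, not part of the original question: the two ACLs are constructed (the exhibit's actual commands are not reproduced here), and the function names and test addresses are assumptions.

```python
import ipaddress

# Constructed ACLs: RFC 1918 source denies, without and with a final permit.
DENY_ONLY = """\
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
"""
WITH_PERMIT = DENY_ONLY + "permit ip any any\n"


def parse_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))


def parse_acl(text):
    """Parse 'action ip SRC DST' lines into ordered entries (only 'ip' is handled)."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        action, _proto = tokens.pop(0), tokens.pop(0)
        entries.append((action, parse_addr(tokens), parse_addr(tokens)))
    return entries


def matches(spec, addr):
    """Wildcard bits set to 1 are ignored; all other bits must equal the base."""
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)


def evaluate(entries, src, dst):
    """Return the action of the first matching entry, else the implied deny."""
    for action, src_spec, dst_spec in entries:
        if matches(src_spec, src) and matches(dst_spec, dst):
            return action
    return "deny"  # no entry matched: implied deny all at the end of the list
```
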

Objective:
Infrastructure Security
Sub-Objective:
Configure and verify router security features
