ACL question

Bl8ckr0uter

I know that ACLs will not operate on packets whose origin is the router itself, but what would happen if the ip address of the router is spoofed and a packet happen to hit a that same router interface? How do the ACLS determine if the packet is truly from the router, by ip address or something else? I believe that acls only function at layer 3/4 (depending on the type of ACL) so it could not use the Mac address of the router interface as a form of identification so would those packets simply be allowed or not acted on?

EDIT: Another question is I know that in Windows (and I am assuming most other OSes) when you delete something, it can be recovered (usually) as long as the actually hdd space has not been over written. What actually happens to denied packets, I know they go to the "bit bucket" but is there an actual place on a cisco router where you can view the contents of discarded packets or are they actually gone forever?

dtlokee

A spoofed IP address would not change the handling of a packet by the ACL, the designation to bypass the ACL is within the processing of the router itself, it know if it's locally orginated or from a different device.

Packets that are denied are gone forever however you can use the 'log' keyword on an ACL to log the headers for review.