ACL question

I know that ACLs will not operate on packets whose origin is the router itself, but what would happen if the ip address of the router is spoofed and a packet happen to hit a that same router interface? How do the ACLS determine if the packet is truly from the router, by ip address or something else? I believe that acls only function at layer 3/4 (depending on the type of ACL) so it could not use the Mac address of the router interface as a form of identification so would those packets simply be allowed or not acted on?

EDIT: Another question is I know that in Windows (and I am assuming most other OSes) when you delete something, it can be recovered (usually) as long as the actually hdd space has not been over written. What actually happens to denied packets, I know they go to the "bit bucket" but is there an actual place on a cisco router where you can view the contents of discarded packets or are they actually gone forever?

Find more posts tagged with

Comments

dtlokee

A spoofed IP address would not change the handling of a packet by the ACL, the designation to bypass the ACL is within the processing of the router itself, it know if it's locally orginated or from a different device.

Packets that are denied are gone forever however you can use the 'log' keyword on an ACL to log the headers for review.

Bl8ckr0uter

dtlokee wrote: »

A spoofed IP address would not change the handling of a packet by the ACL, the designation to bypass the ACL is within the processing of the router itself, it know if it's locally orginated or from a different device.

Ok that is what I was wondering.

dtlokee wrote: »

Packets that are denied are gone forever however you can use the 'log' keyword on an ACL to log the headers for review.

I know about the log command. I was just curious about whether or not you could actually see the data payload as well.

Thanks for the answer.