Mitigating Spoofed Addresses (Inbound)
You can use access lists to prevent packets with spoofed source addresses
from entering your network. When configuring inbound antispoof ACLs, you
should deny packets from, at a minimum, the following:
■ Any internal address space
■ Internal loopback addresses
■ RFC 1918 reserved addresses
■ Multicast addresses
Mitigating Spoofed Addresses (Outbound)
In addition to dropping inbound packets with spoofed source addresses, you
should also configure ACLs to prevent packets from leaving your network
with spoofed source addresses. No packets should leave your network that
do not have source addresses inside your network.