How Can We Protect Our Network From Spoofing?
To help prevent against spoofing attacks being successful on your own network, set up a router filter that does not allow outside packets whose source address is set to a host in one of your internal networks, into your network. This will catch most (some?) spoofing attempts originating outside your network, directed toward your network. It will not catch attempts made from inside your network (spoofing the address of another internal host, perhaps in an attempt to gain privileges), or attempts made against a third partys network in which your network is listed as the origin of the attack in the source IP address.
Additionally, you should also filter outbound packets, ensuring that no packets with a source IP address that is not within your network are allowed to leave it a malicious user is likely spoofing such packets. (If everyone did this, the spoofing problem would largely disappear. The fact that spoofing is still an issue clearly demonstrates that, amazingly, years after spoofing first became a common occurrence, not everyone has gotten around to this yet.)
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.