[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] How to block Spoofing ??

To: [email protected]
Subject: Re: [FW-1] How to block Spoofing ??
From: Yves Belle-Isle <[email protected]>
Date: Wed, 28 Nov 2001 09:31:05 -0500
Comments: cc: Mohan Sundar <[email protected]>
In-Reply-To: <[email protected]>
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

The antispoofing option of FW-1 is not intended for that, it is mainly
intended so as user behing the FW-1 doesn't spoof address to other
interface of the FW-1, including to the external interface. For outside
address which spoof another outside address to the external interface of
your FW-1, the detection is to be done by your IDS system or manually...

Such attack mainly try to shutdown some of your site because, except
for very rare exception, such attack doesn't get any packet back to
the attacking machine. It's mainly used for DDoS where the spoofed
address change from one received packet to the next.

it's very difficult to block because you can't block the attacking machine
at all, just the legitime machine from whose it steal the IP address to
spoof the packet, imagine you block those and than the intruder spoof with
the IP address of the sites you normally exchange data with ? You will
just shutdown yourself off the Internet...

At 19:10 2001-11-28 +0530, Mohan Sundar wrote:
>Hi All,
>
>    I have seen many IP addreess tried to establish connection with my
>network, I came to know this from my firewall log  but these  are not realy
>from Original hosts. I feel sombody is spoofing the IP and attacking my
>network.. hence I would like to block this spoofing,
>Is anybody know how to block this spoofing? and IS there any special
>software avilable to identify spoofing?
>I feel the spoofing option provided by checkpoint is not effective..
>Since it can block pockets which arrives to external NIC with Private
>IP/LocalNet IP addresses only...
>Any input regarding Spoofing is appriciated..
>
>Thanks & regadrs,
>MOHi
>
>_________________________________________________________________
>Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
>
>===============================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>===============================================
>

------------------------------------------------------------
Yves Belle-Isle V.P. VE2YBI YB17        Email: [email protected]
Responsable des Systemes                Tel:Sogi Informatique Ltee.                 Fax:------------------------------------------------------------

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

References:
- [FW-1] How to block Spoofing ??
  - From: Mohan Sundar <[email protected]>

Prev by Date: Re: [FW-1] Red Hat Version
Next by Date: Re: [FW-1] VPN to watchguard SOHO
Prev by thread: [FW-1] How to block Spoofing ??
Next by thread: Re: [FW-1] How to block Spoofing ??
Index(es):
- Date
- Thread