It is possible to test for spoofing. Testing has a high cost for the resources involved. Some of the first rules of any filter is to drop the reserved public and private networks.
There exist another option for brute force attacks that involves greping the log file for issues and automating blocking iptables rules... ~ Andrew "lathama" Latham lath...@gmail.com * Learn more about OSS http://en.wikipedia.org/wiki/Open-source_software * Learn more about Linux http://en.wikipedia.org/wiki/Linux * Learn more about Tux http://en.wikipedia.org/wiki/Tux On Fri, Feb 5, 2010 at 5:53 PM, Kevin P. Fleming <kpflem...@digium.com> wrote: > cyr...@gmail.com wrote: >> Does it require to write firewall rules? how can I write a firewall rule >> to block IP Spoofing > > It is not possible to block IP spoofing, except for IPs that exist on > the inside of your firewall. If the source IP is outside your firewall, > it is not possible to know whether it originated from the proper owner > of that IP or whether it was spoofed. > > -- > Kevin P. Fleming > Digium, Inc. | Director of Software Technologies > 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA > skype: kpfleming | jabber: kpflem...@digium.com > Check us out at www.digium.com & www.asterisk.org > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-biz mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-biz > -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
