I may be pointing out the obvious here, but here goes:

Keep in mind that you can never under any circumstances
determine if, say, host A on the other side of the world is
spoofing as host B. 
You can only protect against hosts on one side of the firewall
trying to spoof as hosts known to be on another side of the
firewall.

That said, there are "application" mechanisms for protecting
against IP spoofing, such as IPSec, but I had the notion
that we're talking vanilla TCP/IP here in which case my
above explanation holds.
Oh and btw, these "application" mechanisms that protect
against IP spoofing won't work over NAT. Can't win 'em all :-)

Regards,
Mike

Ryan Russell wrote:
> 
> >How does a packet filtering firewall like Firewall1 check for spoofed
> >IPs?  Or can it be done?  Thanks!
> 
> It can be done, you just have to configure it properly.  (By that, I
> mean that FW-1 will not automatically set up anti-spoofing for you.)
> 
> PFs check for spoofed packets by keeping a list of what source
> addresses are legal for a particular interface.  If they get a packet
> with a source address that isn't legal for an interface, they typically
> drop the packet and log it.
> 
> For example, if your inside interface is le0 and you use 192.168
> addresses on the inside, and your outside interface (say, le2)
> gets a packet coming in with a source address of 192.168, it will
> complain.
> 
>                               Ryan
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]

-- 
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50           Fax: +46-(0)660-122 50
WWW: http://www.enternet.se        E-mail: [EMAIL PROTECTED]
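
The per-interface source check Ryan describes, and the limit Mike points out, sketched as an added example that is not part of either message and is not FW-1 configuration. The le0/le2 names and the 192.168 range come from the thread; le1, its range and the sample addresses are constructed assumptions.

```python
import ipaddress

# Constructed topology. le0 (inside, 192.168) and le2 (outside) follow the
# thread's example; le1 and its range are assumptions added for illustration.
LEGAL_SOURCES = {
    "le0": [ipaddress.ip_network("192.168.0.0/16")],  # inside
    "le1": [ipaddress.ip_network("172.16.1.0/24")],   # DMZ (hypothetical)
    "le2": None,  # outside: any address not known to be behind another interface
}


def check_source(iface, src):
    """Return "pass" or "drop" for a packet arriving on iface with source src."""
    if iface not in LEGAL_SOURCES:
        raise ValueError(f"unknown interface {iface!r}")
    addr = ipaddress.ip_address(src)
    nets = LEGAL_SOURCES[iface]
    if nets is not None:
        # Inside-type interface: the source must be in its own list.
        legal = any(addr in net for net in nets)
    else:
        # Outside interface: illegal only if the address is known to live
        # behind one of the other interfaces.
        legal = not any(addr in net
                        for other in LEGAL_SOURCES.values() if other
                        for net in other)
    return "pass" if legal else "drop"


# Constructed packets: (arrival interface, claimed source, what really happened)
SAMPLES = [
    ("le0", "192.168.1.5", "genuine inside host"),
    ("le2", "192.168.1.5", "outside host claiming an inside address"),
    ("le0", "203.0.113.9", "inside host claiming an outside address"),
    ("le2", "203.0.113.9", "genuine outside host B"),
    ("le2", "203.0.113.9", "outside host A claiming to be B"),
]


def run_samples():
    """Evaluate every sample and return (iface, src, verdict, note) tuples."""
    return [(i, s, check_source(i, s), note) for i, s, note in SAMPLES]


if __name__ == "__main__":
    for iface, src, verdict, note in run_samples():
        print(f"{iface}  {src:<14} {verdict:<5} {note}")
```

The last two samples reach the filter as identical input, so both pass: the check only catches a source address that is known to belong on a different side of the firewall.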