Defense Against Spoofing Attacks
Packet filtering is one defense against IP spoofing attacks. The gateway to a network usually performs ingress filtering, which is blocking of packets from outside the network with a source address inside the network. This prevents an outside attacker spoofing the address of an internal machine. Ideally the gateway would also perform egress filtering on outgoing packets, which is blocking of packets from inside the network with a source address that is not inside. This prevents an attacker within the network performing filtering from launching IP spoofing attacks against external machines.
It is also recommended to design network protocols and services so that they do not rely on the IP source address for authentication.
Read more about this topic: IP Address Spoofing
Famous quotes containing the words defense against, defense and/or attacks:
“Though a censure lies against those who are poor and proud, yet is Pride sooner to be forgiven in a poor person than in a rich one; since in the latter it is insult and arrogance; in the former, it may be a defense against temptations to dishonesty; and, if manifested on proper occasions, may indicate a natural bravery of mind, which the frowns of fortune cannot depress.”
—Samuel Richardson (1689–1761)
“For there is no defense for a man who, in the excess of his wealth, has kicked the great altar of Justice out of sight.”
—Aeschylus (525–456 B.C.)
“There exists, at the bottom of all abasement and misfortune, a last extreme which rebels and joins battle with the forces of law and respectability in a desperate struggle, waged partly by cunning and partly by violence, at once sick and ferocious, in which it attacks the prevailing social order with the pin-pricks of vice and the hammer-blows of crime.”
—Victor Hugo (1802–1885)