Defense Against Spoofing Attacks
Packet filtering is one defense against IP spoofing attacks. The gateway to a network usually performs ingress filtering, which is blocking of packets from outside the network with a source address inside the network. This prevents an outside attacker spoofing the address of an internal machine. Ideally the gateway would also perform egress filtering on outgoing packets, which is blocking of packets from inside the network with a source address that is not inside. This prevents an attacker within the network performing filtering from launching IP spoofing attacks against external machines.
It is also recommended to design network protocols and services so that they do not rely on the IP source address for authentication.
Read more about this topic: IP Address Spoofing
Famous quotes containing the words defense against, defense and/or attacks:
“The aims of life are the best defense against death.”
—Primo Levi (1919–1987)
“He said, truly, that the reason why such greatly superior numbers quailed before him was, as one of his prisoners confessed, because they lacked a cause,—a kind of armor which he and his party never lacked. When the time came, few men were found willing to lay down their lives in defense of what they knew to be wrong; they did not like that this should be their last act in this world.”
—Henry David Thoreau (1817–1862)
“We are supposed to be the children of Seth; but Seth is too much of an effete nonentity to deserve ancestral regard. No, we are the sons of Cain, and with violence can be associated the attacks on sound, stone, wood and metal that produced civilisation.”
—Anthony Burgess (b. 1917)