Defense Against Spoofing Attacks
Packet filtering is one defense against IP spoofing attacks. The gateway to a network usually performs ingress filtering, which is blocking of packets from outside the network with a source address inside the network. This prevents an outside attacker spoofing the address of an internal machine. Ideally the gateway would also perform egress filtering on outgoing packets, which is blocking of packets from inside the network with a source address that is not inside. This prevents an attacker within the network performing filtering from launching IP spoofing attacks against external machines.
It is also recommended to design network protocols and services so that they do not rely on the IP source address for authentication.
Read more about this topic: IP Address Spoofing
Famous quotes containing the words defense and/or attacks:
“The sick man is taken away by the institution that takes charge not of the individual, but of his illness, an isolated object transformed or eliminated by technicians devoted to the defense of health the way others are attached to the defense of law and order or tidiness.”
—Michel de Certeau (1925–1986)
“Neither the wrath of Heaven nor the attacks of enemies
are as fatal as Pleasure alone when she infects the mind.”
—Silius Italicus (26–101)