Access (Anti-Spoofing); Overview; Ip Spoofing - D-Link DFL-1600 User Manual

Network security firewall

15 Access (Anti-spoofing)

15.1 Overview

The primary function of any firewall is to control access to protected
data resources, so that only authorized connections are allowed. Access
control is basically addressed in the firewall's IP rules (introduced in
14. IP Rules). According to the rules, the firewall considers a range of
protected LAN addresses as trusted hosts, and restricts the traffic flow
from the untrusted Internet going into the trusted area, and also the
other way around.
One underlying flaw of this trust-based control is that it tends to neglect
the potential hazard caused by masquerading. Clever attackers fool the
firewall by assuming the identity of a trusted host, which is the
so-called spoofing technique.
15.1.1 IP Spoofing
IP spoofing is one of the most common masquerading attacks, where the
attacker uses IP addresses trusted by the firewall to bypass traffic
filtering. In the spoofing process, the source address field in the IP
header of a given packet can be easily modified to a local host's address,
so that the firewall will believe the request came from a trusted source.
Although responses to the packet cannot reach the original sender, there is
potential for unnecessary network congestion and denial of service (DoS)
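
The following Python example is added here for illustration; it is not
taken from the D-Link manual and does not represent how the DFL-1600 is
implemented. It shows the check that counters the spoofing described above:
read the source address from the IPv4 header and compare it with the
networks expected on the receiving interface. The interface names "lan" and
"wan" and the 192.168.1.0/24 LAN range are assumptions.

```python
import ipaddress

# Assumed topology (hypothetical names and range, not from the manual).
TRUSTED_LAN = ipaddress.ip_network("192.168.1.0/24")
EXPECTED_SOURCES = {
    "lan": [TRUSTED_LAN],
    # Any source except the protected LAN range may arrive on the WAN side.
    "wan": list(ipaddress.ip_network("0.0.0.0/0").address_exclude(TRUSTED_LAN)),
}


def source_address(packet: bytes) -> ipaddress.IPv4Address:
    """Extract the source address (bytes 12..15) from a raw IPv4 header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a valid IPv4 header")
    return ipaddress.IPv4Address(packet[12:16])


def check_packet(iface: str, packet: bytes) -> str:
    """Return 'allow' or a drop reason for a packet received on iface."""
    try:
        src = source_address(packet)
    except ValueError as exc:
        return f"drop: {exc}"
    # Unknown interfaces have no expected networks, so everything is dropped.
    if any(src in net for net in EXPECTED_SOURCES.get(iface, [])):
        return "allow"
    return f"drop: source {src} not expected on {iface}"


# Constructed sample headers: version/IHL 0x45, TTL 64, protocol TCP, checksum 0.
_PREFIX = "450000140000000040060000"
SAMPLES = [
    ("lan", bytes.fromhex(_PREFIX + "c0a8010a" + "cb007105")),  # LAN host out
    ("wan", bytes.fromhex(_PREFIX + "cb007105" + "c0a8010a")),  # Internet in
    ("wan", bytes.fromhex(_PREFIX + "c0a8010a" + "c0a80114")),  # LAN source on WAN
]

if __name__ == "__main__":
    for iface, pkt in SAMPLES:
        print(iface, check_packet(iface, pkt))
```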