How Can I Protect Against Ip Spoofing Attacks - ZyXEL Communications P-660HW-Tx v3 Support Notes
802.11g wireless adsl2+ 4-port gateway
Hide thumbs
Also See for P-660HW-Tx v3:
- User manual (438 pages) ,
- Quick start manual (10 pages) ,
- Specification sheet (2 pages)
Table of Contents
Advertisement
group'. Generic filters belong to the 'device filter group', TCP/IP and IPX filters
belong to the 'protocol filter group'. You can configure the filter rule in CLI.
Note: In ZyNOS, you can not mix different filter groups in the same filter set.
16. How can I protect against IP spoofing attacks?
The P-660HW-Tx v3's filter sets provide a means to protect against IP
spoofing attacks. The basic scheme is as follows:
For the input data filter:
Deny packets from the outside that claim to be from the inside
Allow everything that is not spoofing us
Filter rule setup:
Filter type =TCP/IP Filter Rule
Active =Yes
Source IP Addr =a.b.c.d
Source IP Mask =w.x.y.z
Action Matched =Drop
Action Not Matched =Forward
Where a.b.c.d is an IP address on your local network and w.x.y.z is your
netmask:
For the output data filters:
Deny bounce back packet
Allow packets that originate from us
Filter rule setup:
Filter Type =TCP/IP Filter Rule
Active =Yes
Destination IP Addr =a.b.c.d
Destination IP Mask =w.x.y.z
Action Matched =Drop
Action No Matched =Forward
Where a.b.c.d is an IP address on your local network and w.x.y.z is your
netmask.
All contents copyright © 2008 ZyXEL Communications Corporation.
P-660HW-Tx v3 Series Support Notes
11
Advertisement
Table of Contents
