One method that attackers use to gain access to your network involves creating an electronic "false identity." With this method, called "IP spoofing," the attacker creates a TCP/IP packet that uses someone else's IP address as its source address. Because routers forward a packet using only its destination address, the source address is not validated until the packet reaches its destination. In conjunction with the false identity, the attacker may route the packet so that it appears to originate from a host that the targeted system trusts.
If the destination system performs session authentication based on a connection's IP address, the destination system may allow the packet with the spoofed address through your firewall. The destination system "sees" that the packet apparently originated from a host that is trusted, and therefore doesn't require validation or a password.
When you enable spoofing defense, the Firebox prevents packets with a false identity from passing through to your network. When such a packet attempts to establish a connection, the Firebox generates two log records. One log record shows that the attacker's packet was blocked; the other shows that the attacker's site has been added to the Blocked Sites list, a compilation of all sites blocked by the Firebox.
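The following is an added illustration of the behavior described above, not code from WatchGuard or the Firebox itself. It models a spoofing defense that judges a packet by the interface it arrived on: a packet arriving on the external interface cannot legitimately carry a trusted-network source address (and, as a generalization the page does not spell out, a packet arriving on the trusted interface cannot legitimately carry an external one). The trusted address range, the interface names, the log wording and the sample packets are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample topology (an assumption, not from the WatchGuard page):
# hosts behind the Firebox's trusted interface live in 10.0.0.0/8.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]


@dataclass
class Packet:
    ingress: str  # interface the packet arrived on: "external" or "trusted"
    src: str      # source IP address claimed by the packet
    dst: str      # destination IP address


@dataclass
class SpoofDefense:
    """Simplified model of the spoofing defense and the Blocked Sites list."""
    enabled: bool = True
    blocked_sites: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def is_spoofed(self, pkt):
        # A trusted-network source address is only plausible on the trusted
        # interface; an external source address only on the external one.
        src = ipaddress.ip_address(pkt.src)
        internal = any(src in net for net in TRUSTED_NETWORKS)
        return (pkt.ingress == "external") == internal

    def handle(self, pkt):
        """Return 'allow' or 'deny', appending log records as the Firebox would."""
        if pkt.src in self.blocked_sites:
            # Assumption: a site already on the list is dropped with one record.
            self.log.append(f"deny {pkt.src}->{pkt.dst}: source on Blocked Sites list")
            return "deny"
        if self.enabled and self.is_spoofed(pkt):
            # Record 1: the spoofed packet was blocked.
            self.log.append(f"deny {pkt.src}->{pkt.dst}: spoofed source on {pkt.ingress} interface")
            # Record 2: the attacker's site was added to the Blocked Sites list.
            self.blocked_sites.add(pkt.src)
            self.log.append(f"blocked-site add {pkt.src}: IP spoofing")
            return "deny"
        return "allow"


def run_sample():
    """Constructed traffic: a legitimate inbound packet, a spoofed one, a repeat
    from the now-blocked site, and a legitimate outbound packet."""
    fw = SpoofDefense()
    packets = [
        Packet("external", "203.0.113.7", "10.0.0.5"),
        Packet("external", "10.0.0.9", "10.0.0.5"),
        Packet("external", "10.0.0.9", "10.0.0.6"),
        Packet("trusted", "10.0.0.5", "203.0.113.7"),
    ]
    return [fw.handle(p) for p in packets], fw
```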
You can block spoofing attacks using the Default Packet Handling dialog box. From Policy Manager:
Related topics:
Blocking port space and address space attacks
Copyright
© 1996 - 2003 WatchGuard Technologies, Inc. All rights reserved.