One method that a hacker can use to get access to your network is to create an electronic "false identity." With this "IP spoofing" procedure, the attacker crafts a TCP/IP packet whose source IP address is different from the address of the host that actually sent it.
A router uses only the destination address of a packet to forward it to its destination. Thus, the source address of the packet is not authenticated until the packet gets to its destination. If a host is a "trusted host", authentication is not necessary. In IP spoofing, an attacker takes advantage of this to send a packet that appears to come from a trusted host. The destination system then authenticates the IP address of the connection and gives access through your firewall.
You can enable protection against IP spoofing on the Firebox. The Firebox denies the spoofed packets, and then sends two log messages. The first log message shows that the attacker's packet was blocked. The second log message shows that the attacker's IP address is on the Blocked Sites list. All the Web sites that the Firebox denies appear on the Blocked Sites list.
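The following added example (not WatchGuard code, and not a description of how the Firebox is implemented) sketches the behavior described above: a packet is denied when its source address belongs to a network behind a different interface than the one it arrived on, and the denial produces two log entries. The interface names, networks, log wording and the check itself are assumptions; the traffic is constructed sample data.

```python
import ipaddress

# Constructed topology (assumption): networks attached to each internal interface.
INTERFACE_NETWORKS = {
    "trusted": [ipaddress.ip_network("10.0.1.0/24")],
    "optional": [ipaddress.ip_network("10.0.2.0/24")],
}
EXTERNAL = "external"  # any other source address is expected on this interface


def expected_interface(src):
    """Return the interface whose attached network contains src."""
    addr = ipaddress.ip_address(src)
    for iface, nets in INTERFACE_NETWORKS.items():
        if any(addr in net for net in nets):
            return iface
    return EXTERNAL


def filter_packets(packets):
    """Deny packets whose source address does not match the arrival interface.

    Returns (allowed, log, blocked). The first denial of a source yields two
    log entries, mirroring the two messages described in the text.
    """
    allowed, log, blocked = [], [], set()
    for pkt in packets:
        src, iface = pkt["src"], pkt["in_iface"]
        if expected_interface(src) == iface:
            allowed.append(pkt)
            continue
        log.append(f"deny {src} on {iface}: spoofed source address")
        if src not in blocked:
            blocked.add(src)
            log.append(f"{src} added to blocked list")
    return allowed, log, blocked


# Constructed sample traffic; external hosts use documentation address ranges.
SAMPLE = [
    {"src": "10.0.1.25", "in_iface": "trusted", "dst": "198.51.100.7"},
    {"src": "10.0.1.25", "in_iface": "external", "dst": "10.0.1.10"},  # spoofed
    {"src": "203.0.113.9", "in_iface": "external", "dst": "10.0.2.80"},
    {"src": "10.0.1.25", "in_iface": "external", "dst": "10.0.1.10"},  # repeat
]

if __name__ == "__main__":
    allowed, log, blocked = filter_packets(SAMPLE)
    print(*log, sep="\n")
    print("allowed:", len(allowed), "blocked:", sorted(blocked))
```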
Copyright
© 1996 - 2005 WatchGuard Technologies, Inc. All rights reserved.