How can i protect against ip spoofing attacks – ZyXEL Communications P-660H-TX User Manual

P-660H-Tx v2 Support Notes

16. How can I protect against IP spoofing attacks?

The P-660H-Tx v2's filter sets provide a means to protect against IP spoofing
attacks. The basic scheme is as follows:

For the input data filter:

• Deny packets from the outside that claim to be from the inside
• Allow everything that is not spoofing us

Filter rule setup:

• Filter type =TCP/IP Filter Rule
• Active

=Yes

• Source IP Addr =a.b.c.d
• Source IP Mask =w.x.y.z
• Action Matched =Drop
• Action Not Matched =Forward

Where a.b.c.d is an IP address on your local network and w.x.y.z is your
netmask:

For the output data filters:

• Deny bounce back packet
• Allow packets that originate from us

Filter rule setup:

• Filter Type =TCP/IP Filter Rule
• Active

=Yes

• Destination IP Addr =a.b.c.d
• Destination IP Mask =w.x.y.z
• Action Matched =Drop
• Action No Matched =Forward

Where a.b.c.d is an IP address on your local network and w.x.y.z is your
netmask.

9

All contents copyright © 2006 ZyXEL Communications Corporation.