  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2004

Anti spoofing

I'm not sure about anti-spoofing. Do we need both of these methods, or is one of them enough?

Technique 1
# enable kernel anti-spoofing
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
     echo 1 > "$f"
done

Technique 2
# Use iptables to block faked IPs
iptables -A INPUT -j drop-reserved -i $EXTIF -s
iptables -A INPUT -j drop-reserved -i $EXTIF -s
iptables -A INPUT -j drop-reserved -i $EXTIF -s
iptables -A INPUT -j drop-reserved -i $EXTIF -s
# ... and some more list

YES or NO answer is accepted,
but more explanation or links will be highly appreciated.

1 Solution
Use both. Although they have the same effects in common, there
are differences.
1. Drops packets when they wouldn't be routed at the particular interface. This blocks packets with a srcaddr from inside coming from an outside interface and vice versa.
This also stops spoofers on the inside from attacking outside hosts (!)
2. Drops packets only from the outside. But it can even drop packets which would be valid for 1 because of the known fact that some networks are unassigned.

Hope that helps,
  Bernhard Brueck
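
A simplified model of the two filters compared in the answer above, as an added example that is not part of the original thread. The routing table, the interface names eth0/eth1, the reserved-source list and the sample packets are all constructed assumptions; the real checks are done by the kernel and by iptables.

```python
import ipaddress

# Constructed two-interface gateway (assumption): eth0 is the external
# interface ($EXTIF on the page), eth1 is the internal LAN.
EXTIF = "eth0"
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "eth0"),   # default route
    (ipaddress.ip_network("10.0.0.0/8"), "eth1"),  # internal network
]
# Constructed stand-in for the drop-reserved source list (assumption).
RESERVED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12")]


def reverse_path_iface(src):
    """Interface a reply to src would leave by (longest-prefix match)."""
    addr = ipaddress.ip_address(src)
    matches = [(net.prefixlen, dev) for net, dev in ROUTES if addr in net]
    return max(matches)[1] if matches else None


def rp_filter_accepts(src, in_iface):
    """Technique 1 model (rp_filter=1, strict): the packet must arrive on
    the interface that the route back to its source points at."""
    return reverse_path_iface(src) == in_iface


def reserved_list_accepts(src, in_iface):
    """Technique 2 model: only packets arriving on EXTIF are checked,
    and only against the reserved-source list."""
    if in_iface != EXTIF:
        return True
    addr = ipaddress.ip_address(src)
    return not any(addr in net for net in RESERVED)


def verdicts(src, in_iface):
    """Return (technique 1 accepts, technique 2 accepts) for one packet."""
    return (rp_filter_accepts(src, in_iface), reserved_list_accepts(src, in_iface))


# Constructed sample packets: (source address, arrival interface, description)
SAMPLES = [
    ("10.1.2.3", "eth1", "legitimate LAN host"),
    ("10.1.2.3", "eth0", "internal source arriving from outside"),
    ("172.16.5.5", "eth0", "reserved source with no internal route"),
    ("203.0.113.9", "eth1", "LAN host using a forged outside source"),
]

if __name__ == "__main__":
    for src, dev, what in SAMPLES:
        rp, rl = verdicts(src, dev)
        print(f"{src:<12} on {dev}: rp_filter={'pass' if rp else 'drop'} "
              f"reserved-list={'pass' if rl else 'drop'}  ({what})")
```

The third and fourth samples are the cases where only one of the two techniques drops the packet.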
Kocil (Author) Commented:
Thanks, but one more question.
Does the first technique ensure that internal IPs (10.x.x.x, 172.16-31.x.x, 192.x.x.x) will not leak to the external network in case I accidentally turn on forwarding and forget to masquerade?
