Solved

ip spoofing

Posted on 2014-09-10
3
259 Views
Last Modified: 2014-09-12
I have seen what should be default rules for firewalls described as
deny any address from your internal network
deny any local host addresses ( example 127.0.0.1 )
deny any reserved private addresses
deny any addresses in the IP multicast address range
then i also saw this advise
"have separate inbound and outbound ACL's to ensure that the data that's leaving the network comes from a different source than data that's coming into the network"
so I think i get the last one, I thought that would be a way to prevent IP spoofing. because if someone is spoofing, the data they are sending will actually be coming from the outside. Does that sound right?
I really can't picture the purpose of the other rules though. for instance, why would i want to " deny any address from your internal network" wouldn't that mean that if one of my interior network addresses is 192.168.0.2, and if the firewall denies data from that address ( the internal network ) then that client couldn't, for example, send requests to web servers to look at web pages. that person would click on a link, and that request is denied on the firewall? is that what that means?
basically if someone has some good visuals of what is happening with these firewall rules, i would really appreciate it.
0
Comment
Question by:JeffBeall
3 Comments
 
LVL 32

Accepted Solution

by:
harbor235 earned 250 total points
ID: 40316947
""have separate inbound and outbound ACL's to ensure that the data that's leaving the network comes from a different source than data that's coming into the network""

Right, you want to add a outbound filter that allows traffic sourced from your internal networks, this guarantees no-one is spoofing traffic from your internal networks,  , if everyone implemented outbound filters then the traffic originating from their networks would be o0nly legitimate traffic from their IP blocks only.

"deny any address from your internal network"


harbor235 ;}
This is for the inbound filter and its for traffic sourced from your internal nets, this means you should never receive traffic from the outside sourced from your internal nets, you see? you nets are on the inside how can they be outside?
0
 
LVL 28

Assisted Solution

by:mikebernhardt
mikebernhardt earned 250 total points
ID: 40317445
"have separate inbound and outbound ACL's to ensure that the data that's leaving the network comes from a different source than data that's coming into the network" means:
Create an inbound list which denies traffic sourced from your own public addresses, and an outbound list which ONLY allows traffic from your own public addresses. Does that make sense? Then no one can send you data with your source address, and no one on your network can spoof someone else's addressing (good internet citizen).

Your policies should also deny PRIVATE addresses from coming in. And unless you are doing NAT on the outside of the firewall, it should also deny private addresses from going out.
0
 
LVL 1

Author Closing Comment

by:JeffBeall
ID: 40320158
thank you.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Routing between two networks? 10 51
SIEM traffic 5 53
slow vpn connection 9 64
Support licences 3 24
Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

806 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question