Solved

ip spoofing

Posted on 2014-09-10
3
269 Views
Last Modified: 2014-09-12
I have seen what should be default rules for firewalls described as
deny any address from your internal network
deny any local host addresses ( example 127.0.0.1 )
deny any reserved private addresses
deny any addresses in the IP multicast address range
then i also saw this advise
"have separate inbound and outbound ACL's to ensure that the data that's leaving the network comes from a different source than data that's coming into the network"
so I think i get the last one, I thought that would be a way to prevent IP spoofing. because if someone is spoofing, the data they are sending will actually be coming from the outside. Does that sound right?
I really can't picture the purpose of the other rules though. for instance, why would i want to " deny any address from your internal network" wouldn't that mean that if one of my interior network addresses is 192.168.0.2, and if the firewall denies data from that address ( the internal network ) then that client couldn't, for example, send requests to web servers to look at web pages. that person would click on a link, and that request is denied on the firewall? is that what that means?
basically if someone has some good visuals of what is happening with these firewall rules, i would really appreciate it.
0
Comment
Question by:JeffBeall
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 32

Accepted Solution

by:
harbor235 earned 250 total points
ID: 40316947
""have separate inbound and outbound ACL's to ensure that the data that's leaving the network comes from a different source than data that's coming into the network""

Right, you want to add a outbound filter that allows traffic sourced from your internal networks, this guarantees no-one is spoofing traffic from your internal networks,  , if everyone implemented outbound filters then the traffic originating from their networks would be o0nly legitimate traffic from their IP blocks only.

"deny any address from your internal network"


harbor235 ;}
This is for the inbound filter and its for traffic sourced from your internal nets, this means you should never receive traffic from the outside sourced from your internal nets, you see? you nets are on the inside how can they be outside?
0
 
LVL 28

Assisted Solution

by:mikebernhardt
mikebernhardt earned 250 total points
ID: 40317445
"have separate inbound and outbound ACL's to ensure that the data that's leaving the network comes from a different source than data that's coming into the network" means:
Create an inbound list which denies traffic sourced from your own public addresses, and an outbound list which ONLY allows traffic from your own public addresses. Does that make sense? Then no one can send you data with your source address, and no one on your network can spoof someone else's addressing (good internet citizen).

Your policies should also deny PRIVATE addresses from coming in. And unless you are doing NAT on the outside of the firewall, it should also deny private addresses from going out.
0
 
LVL 1

Author Closing Comment

by:JeffBeall
ID: 40320158
thank you.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question