Spoofing, defense?
Mike Maltese
mike at pcmedx.com
Sun Sep 7 11:35:47 PDT 2003
A complete list of valid address ranges can be found at
http://www.iana.org/assignments/ipv4-address-space.
> Alex Zivenko wrote:
> > Everybody know what is spoofing.
> > How can I protect my server from it? It's a router to the internet,
> > but some of my friends spoof the address and go thrue the router.
> > Firewall can't protect.
> > Any suggestions?
>
> Follow an ipf howto/tutorial.
> There are MANY of them around.
>
> In my firewall I prevent it like:
>
> # Anti-spoof, no loggin [ I hate reading them ;-) ]
>
> block in quick on rl0 from 192.168.0.0/16 to any #RFC 1918 private IP
>
> block in quick on rl0 from 172.16.0.0/12 to any #RFC 1918 private IP
>
> block in quick on rl0 from 10.0.0.0/8 to any #RFC 1918 private IP
>
> block in quick on rl0 from 127.0.0.0/8 to any #loopback
>
> block in quick on rl0 from 0.0.0.0/8 to any #loopback
>
> block in quick on rl0 from 169.254.0.0/16 to any #DHCP auto-config
>
> block in quick on rl0 from 192.0.2.0/24 to any #reserved for doc's
>
> block in quick on rl0 from 204.152.64.0/23 to any #Sun cluster
interconnect
>
> block in quick on rl0 from 224.0.0.0/3 to any #Class D & E multicast
More information about the freebsd-questions
mailing list