ZyXEL Communications P-660HW-TX Manual De Usuario
P-660HW-Tx v2 Series Support Notes
16. How can I protect against IP spoofing attacks?
The P-660HW-Tx v2's filter sets provide a means to protect against IP
spoofing attacks. The basic scheme is as follows:
spoofing attacks. The basic scheme is as follows:
For the input data filter:
• Deny packets from the outside that claim to be from the inside
• Allow everything that is not spoofing us
• Allow everything that is not spoofing us
Filter rule setup:
• Filter type =TCP/IP Filter Rule
• Active
• Active
=Yes
• Source IP Addr =a.b.c.d
• Source IP Mask =w.x.y.z
• Action Matched =Drop
• Action Not Matched =Forward
• Source IP Mask =w.x.y.z
• Action Matched =Drop
• Action Not Matched =Forward
Where a.b.c.d is an IP address on your local network and w.x.y.z is your
netmask:
netmask:
For the output data filters:
• Deny bounce back packet
• Allow packets that originate from us
• Allow packets that originate from us
Filter rule setup:
• Filter Type =TCP/IP Filter Rule
• Active
• Active
=Yes
• Destination IP Addr =a.b.c.d
• Destination IP Mask =w.x.y.z
• Action Matched =Drop
• Action No Matched =Forward
• Destination IP Mask =w.x.y.z
• Action Matched =Drop
• Action No Matched =Forward
Where a.b.c.d is an IP address on your local network and w.x.y.z is your
netmask.
netmask.
11
All contents copyright © 2006 ZyXEL Communications Corporation.