[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Blocking IP Spoofing

One method of attempting to gain access to a restricted area of the network is to insert a bogus source address in the packet header to make the packet appear to come from a trusted source. This technique is called IP spoofing.

Before You Begin

For background information, read Understanding Attacker Evasion Techniques.

You can use either J-Web or the CLI configuration editor to block IP spoofing.

This topic covers:

J-Web Configuration

To configure screens:

  1. Select CLI Tools>Point and Click CLI.
  2. Next to Security, click Configure or Edit.
  3. Next to Screen, click Configure.
  4. Next to Ids option, click Add new entry.
  5. In the Name box, type Ip-spoofing.
  6. Next to Ip, click Configure.
  7. Next to Spoofing, select the check box and click OK.
  8. To save and commit the configuration, click Commit.

To configure zones:

  1. Select CLI Tools>Point and Click CLI.
  2. Next to Security, click Configure or Edit.
  3. Next to Zones, click Configure.
  4. Next to Security zone, click Add new entry.
  5. In the Name box, type zone.
  6. In the Screen box, type ip-spoofing and click OK.
  7. To save and commit the configuration, click Commit.

CLI Configuration

user@host# set security screen ids-option ip-spoofing ip spoofing
user@host# set security zones security-zone zone screen ip-spoofing

Related Topics

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]