General discussion

Locked

Anti-spoofing

By lcw ·
Can I know what it means by anti-spoofing?It mentioned in some of the firewall features?

This conversation is currently closed to new comments.

2 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by Joseph Moore In reply to Anti-spoofing

Let's talk about what Spoofing is before anti-spoofing.

It is possible to change the TCP headers in the packets you send, specifying a DIFFERENT source IP address with another one.
So, say your IP is 10.1.1.1, and you want to send some spoofed packets to WWW.DOMAIN.COM web server. In your packets, you change the headers to say your source IP address is 192.168.1.1
Now, why would you want to do this? Because if the WWW.DOMAIN.COM web server is not protected from spoofed packets, and if it had an IP address of 192.168.1.2, then your spoofed packets would seem to be, to the WWW.DOMAIN.COM web server, to be coming from a local LAN machine.
And typically, machines on a local LAN have much LESS security than machines outside the LAN.
So, if you could get spoofed packets to hit your target, and your spoofed packets could look like packets from the LAN, then the chances of you being able to hack the web server are drastically increased!
So, this is why spoofing is bad!
Now, modern firewalls will drop inbound spoofed packets to PREVENT this entire attack method. Routers can also drop spoofed packets, for the same reason.
So, anti-spoofing is a good thing.

hope this helps

Collapse -

by lcw In reply to Anti-spoofing

This question was closed by the author

Back to Networks Forum
2 total posts (Page 1 of 1)  

Related Forums