The antispoofing option of FW-1 is not intended for that, it is mainly intended so as user behing the FW-1 doesn't spoof address to other interface of the FW-1, including to the external interface. For outside address which spoof another outside address to the external interface of your FW-1, the detection is to be done by your IDS system or manually...
Such attack mainly try to shutdown some of your site because, except for very rare exception, such attack doesn't get any packet back to the attacking machine. It's mainly used for DDoS where the spoofed address change from one received packet to the next. it's very difficult to block because you can't block the attacking machine at all, just the legitime machine from whose it steal the IP address to spoof the packet, imagine you block those and than the intruder spoof with the IP address of the sites you normally exchange data with ? You will just shutdown yourself off the Internet... At 19:10 2001-11-28 +0530, Mohan Sundar wrote: >Hi All, > > I have seen many IP addreess tried to establish connection with my >network, I came to know this from my firewall log but these are not realy >from Original hosts. I feel sombody is spoofing the IP and attacking my >network.. hence I would like to block this spoofing, >Is anybody know how to block this spoofing? and IS there any special >software avilable to identify spoofing? >I feel the spoofing option provided by checkpoint is not effective.. >Since it can block pockets which arrives to external NIC with Private >IP/LocalNet IP addresses only... >Any input regarding Spoofing is appriciated.. > >Thanks & regadrs, >MOHi > >_________________________________________________________________ >Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp > >=============================================== >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >=============================================== > ------------------------------------------------------------ Yves Belle-Isle V.P. VE2YBI YB17 Email: [EMAIL PROTECTED] Responsable des Systemes Tel: (819) 379-3446 Sogi Informatique Ltee. Fax: (819) 379-3449 ------------------------------------------------------------ =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
