From: "Mike Maltese"
cc: Alex Zivenko
Date: Sun, 7 Sep 2003 11:35:51 -0700
Subject: Re: Spoofing, defense?

A complete list of valid address ranges can be found at http://www.iana.org/assignments/ipv4-address-space.

> Alex Zivenko wrote:
> > Everybody knows what spoofing is.
> > How can I protect my server from it? It's a router to the internet,
> > but some of my friends spoof the address and go through the router.
> > Firewall can't protect.
> > Any suggestions?
>
> Follow an ipf howto/tutorial.
> There are MANY of them around.
>
> In my firewall I prevent it like:
>
> # Anti-spoof, no logging [ I hate reading them ;-) ]
> block in quick on rl0 from 192.168.0.0/16 to any    #RFC 1918 private IP
> block in quick on rl0 from 172.16.0.0/12 to any     #RFC 1918 private IP
> block in quick on rl0 from 10.0.0.0/8 to any        #RFC 1918 private IP
> block in quick on rl0 from 127.0.0.0/8 to any       #loopback
> block in quick on rl0 from 0.0.0.0/8 to any         #loopback
> block in quick on rl0 from 169.254.0.0/16 to any    #DHCP auto-config
> block in quick on rl0 from 192.0.2.0/24 to any      #reserved for docs
> block in quick on rl0 from 204.152.64.0/23 to any   #Sun cluster interconnect
> block in quick on rl0 from 224.0.0.0/3 to any       #Class D & E multicast
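
Added example, not part of the original messages: a small Python checker for the quoted anti-spoof rules that reports which rule would drop a given source address. It parses only the `block in quick on <if> from <cidr> to any` shape; the function names and sample addresses are constructed, and rl0 is assumed to be the Internet-facing interface.

```python
import ipaddress
import re

# Rules as quoted in the message above (comments dropped); only this rule shape is parsed.
RULES = """\
block in quick on rl0 from 192.168.0.0/16 to any
block in quick on rl0 from 172.16.0.0/12 to any
block in quick on rl0 from 10.0.0.0/8 to any
block in quick on rl0 from 127.0.0.0/8 to any
block in quick on rl0 from 0.0.0.0/8 to any
block in quick on rl0 from 169.254.0.0/16 to any
block in quick on rl0 from 192.0.2.0/24 to any
block in quick on rl0 from 204.152.64.0/23 to any
block in quick on rl0 from 224.0.0.0/3 to any
"""
RULE_RE = re.compile(r"block in quick on (\S+) from (\S+) to any\s*(#.*)?$")

def parse_rules(text):
    """Return [(interface, network)] in file order; raise on anything unparsed."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"line {n}: unsupported rule: {line!r}")
        # strict=True makes this checker reject a typo such as 10.0.0.1/8
        rules.append((m.group(1), ipaddress.ip_network(m.group(2), strict=True)))
    return rules

def first_match(rules, iface, src):
    """With 'quick' the first matching rule decides; None means none matched."""
    addr = ipaddress.ip_address(src)
    for rule_if, net in rules:
        if rule_if == iface and addr in net:
            return str(net)
    return None

def shadowed(rules):
    """Rules fully covered by an earlier rule on the same interface (never reached)."""
    return [str(b) for i, (bi, b) in enumerate(rules)
            for ai, a in rules[:i] if ai == bi and b.subnet_of(a)]

if __name__ == "__main__":
    rules = parse_rules(RULES)
    # Constructed sample packets: (arrival interface, claimed source address)
    for iface, src in [("rl0", "10.1.2.3"), ("rl0", "255.255.255.255"),
                       ("rl1", "192.168.0.5"), ("rl0", "198.51.100.7")]:
        print(iface, src, "->", first_match(rules, iface, src) or "not matched")
    print("shadowed rules:", shadowed(rules))
```

A result of "not matched" means no rule in this list decided the packet, so whatever follows in the full ruleset applies to it.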