First page Back Continue Last page Summary Graphics
Importance of Blocking Outgoing Spoofed Source Addresses
Spoofed packets could be eliminated by adopting the suggestions in RFC 2827, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing"
Allow only outgoing packets containing source addresses belonging to your local networks
To be effective, RFC 2827 requires adoption as a universal policy
For now, you can stop outgoing spoofed addresses from your sites by filtering on outgoing source address