User manual
Chapter 4 - Layer 3 Command Set - IP Networking Ipfw Command (IP Firewall)
Alvarion BreezeNET B130/B300 GigE 182 Operational User Manual
ipfw add rf5.0 reject all from innerhost/16 to 0/0
Unlike the filters in the previous examples, this filter is applied only to packets
arriving through the rf5.0 interface. Packets arriving through any other
interface will not be discarded (this example assumes that the inner network is
a class B network).
As an additional measure, it may be useful to reject packets with a source
address from within the loopback network (127.0.0.0):
ipfw add rf5.0 reject all from 127.0.0.0/8 to 0/0
IP spoofing has been widely used on the Internet as an attack method. For
additional information, see CERT summary CS-95:01, and also the summaries on the
CERT WWW site.
It is important to keep in mind that an attacker may use IP spoofing to break into
your network even though he will obviously never receive any reply. See e.g.
CERT advisory CA-95:01.
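The following Python model is an added illustration, not part of the manual or of the device software: it parses the two rule lines shown above and evaluates constructed packets against them, to show that the decision depends on the arrival interface as well as on the source address. The inner network 172.16.0.0/16 (standing in for innerhost/16), the inner-side interface name eth0, first-match evaluation and the default accept for unmatched packets are assumptions of this model.

```python
import ipaddress
from typing import List, NamedTuple

INNER_NET = "172.16.0.0/16"   # constructed stand-in for the manual's innerhost/16
RULES_TEXT = [
    f"ipfw add rf5.0 reject all from {INNER_NET} to 0/0",
    "ipfw add rf5.0 reject all from 127.0.0.0/8 to 0/0",
]

class Rule(NamedTuple):
    iface: str                     # interface the rule is bound to
    action: str                    # "reject" in both rules above
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

def _net(text: str) -> ipaddress.IPv4Network:
    # The rules write "any address" as 0/0; expand it so ipaddress accepts it.
    return ipaddress.ip_network("0.0.0.0/0" if text == "0/0" else text)

def parse_rule(line: str) -> Rule:
    """Parse only the rule shape used above: ipfw add IFACE ACTION all from SRC to DST."""
    tok = line.split()
    if (len(tok) != 9 or tok[:2] != ["ipfw", "add"]
            or tok[4:6] != ["all", "from"] or tok[7] != "to"):
        raise ValueError(f"unsupported rule form: {line!r}")
    return Rule(tok[2], tok[3], _net(tok[6]), _net(tok[8]))

def verdict(rules: List[Rule], iface: str, src: str, dst: str) -> str:
    """The first rule bound to the arrival interface that matches src and dst decides."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r.iface == iface and s in r.src and d in r.dst:
            return r.action
    return "accept"   # assumption of this model: unmatched packets pass

RULES = [parse_rule(t) for t in RULES_TEXT]

# Constructed packets: (arrival interface, source, destination).
SAMPLES = [
    ("rf5.0", "172.16.4.20", "172.16.1.5"),   # inner source arriving from outside
    ("eth0", "172.16.4.20", "198.51.100.7"),  # same source on the inner side
    ("rf5.0", "127.0.0.1", "172.16.1.5"),     # loopback source from outside
    ("rf5.0", "198.51.100.7", "172.16.1.5"),  # ordinary outside source
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", verdict(RULES, *pkt))
```

The first two samples carry the same source address and differ only in the arrival interface, which is the case a source-only check cannot tell apart.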
IP-spoofing
In the previous examples, the source address was used as the main and only
criterion for checking whether an address can be trusted. Unfortunately, it is
possible to send packets from an untrusted address while substituting the return
address with one that you rely on (this attack method is called IP spoofing).
Clearly, checking only the source address is not enough. It is necessary to check the
path of the packet or, which is more practical, to check the interface through
which the packet was accepted.
A network example is shown below: