RE: [FW1] Anti-spoofing

["Pradeepa G" <pradeepa@FW1-NOSPAMinfy.com>]

Title: Anti-spoofing

Hi Don,

 

you need to enable

 

External interface - " Others" .

 

wherever, you have natted addresses coming into picture,

 

create a specific group which includes your internal network address and your natted addresses

 

so, in your case, it will be,

 

DMZ- specific ( which includes 192.168.2.1 plus netted addresses of DNS and web server)

 

Internal- specific ( which includes 192.168.1.1 plus natted address of email server and web server)

 

In case, you do not have any natted addresses on your internal network, you can enable " Thisnet" which should work...

 

you can keep spoof tracking to "Log" or "alert"

 

this has worked for me....hope it helps you........

 

rgds,

Pradeepa

 

-----Original Message-----
From: Don Leeper [mailto:dleeper@mckinleycapital.com]
Sent: Wednesday, July 25, 2001 9:23 PM
To: 'fw-1-mailinglist@beethoven.us.checkpoint.com'
Cc: 'dleeper@gci.net'
Subject: [FW1] Anti-spoofing

I was wondering if someone could give me your input on anti-spoofing.  I have 3 interfaces on my FW:
DMZ 192.168.2.1
External 63.64.1.1
Internal 192.168.1.1
I have a DNS server and web server sitting on the DMZ.  Which needs to be open to the public.
I have my email server and one web server on the Internal.  They need to be accessible to the public as well.  All addresses that are for the public are nated.  Could someone tell me how you would set up the anti-spoofing on the FW that won't affect my setup but protect me? I noticed in my logs that someone was trying to get in using private addresses. Thanks for your help in advance.  (I did look it up but I think its better to hear how others do it!) Kind of confusing....

Donnie Leeper