Sunday, 3 February 2013

Attack Prevention Ingress Filtering



Ingress filtering prevents spoofed packets from entering the network by
putting rules on point-of-entry routers that restrict source addresses to
a known valid range. Because this kind of filtering needs to be present
at each point of entry, it must be set for each subnet on each router in
the organization. Checking each router by hand can be an enormous
task. There are a few ways to check the ingress filtering configuration of
an organization:
• Sending Spoofed Packets.
• Integrate with Existing Program.
• Comparing Usual Addresses.

Sending Spoofed Packets

One way is to provide an easily distributed program that sends spoofed
packets to a listener program. If the listener program receives the
spoofed packets, it can notify the remote program that the packet was
received and also log the network from which it was received. This
program should be run at each location to draw up a status map of
ingress filtering on the whole network.
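
The listener's side of this check, as an added example that is not code from the original post: it turns the listener's log into the status map described above. The site names, address ranges and log records are constructed, and it assumes each probe carries a site tag in its payload and that every site sends one probe with its real address (a control) alongside the spoofed ones.

```python
import ipaddress

# Constructed inventory: valid source range for each point of entry.
SITE_RANGES = {
    "branch-a": "192.0.2.0/26",
    "branch-b": "192.0.2.64/26",
    "branch-c": "192.0.2.128/26",
}

# Constructed listener log: (site tag from probe payload, source address seen).
RECEIVED = [
    ("branch-a", "192.0.2.10"),      # control probe with the host's real address
    ("branch-a", "198.51.100.7"),    # spoofed probe that reached the listener
    ("branch-b", "192.0.2.70"),      # control probe only
    ("branch-b", "not-an-address"),  # damaged log line, ignored
]


def status_map(site_ranges, received):
    """Return {site: 'FILTERED' | 'NOT FILTERED' | 'INCONCLUSIVE'}."""
    seen = {site: {"control": False, "spoofed": False} for site in site_ranges}
    for site, src in received:
        if site not in site_ranges:
            continue  # tag does not match any known point of entry
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # unparseable source address in the log
        # A source outside the site's own range is what the router should drop,
        # even if it belongs to another subnet of the same organization.
        in_range = addr in ipaddress.ip_network(site_ranges[site])
        seen[site]["control" if in_range else "spoofed"] = True

    result = {}
    for site, s in seen.items():
        if s["spoofed"]:
            result[site] = "NOT FILTERED"   # a spoofed source left the site
        elif s["control"]:
            result[site] = "FILTERED"       # path works, spoofed probes dropped
        else:
            result[site] = "INCONCLUSIVE"   # nothing arrived: not run, or blocked
    return result


if __name__ == "__main__":
    for site, state in status_map(SITE_RANGES, RECEIVED).items():
        print(f"{site:10} {state}")
```

A site is only reported as filtered when its control probe arrived, so a location where the program was never run shows up as inconclusive rather than as protected.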

Integrate with Existing Program

Another possibility is to integrate with some of the popular network
management platforms such as HP OpenView or Tivoli. These may
already have stored the filtering rules, or may be able to push them out
to the routers in the organization if they are missing.
