This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Binoy
Explorer
‎2021-06-25 12:04 PM

How to prevent IP spoofing from internet?

Can someone help me to understand how checkpoint firewall prevents IP spoofing from the internet?

6 Replies
PhoneBoy
Admin
Admin
‎2021-06-25 01:38 PM

There's a couple things:

1. You define the topology on the gateway as to what's considered valid on the gateway for a given interface. In R80.20+ you can also let this be dynamically defined by the routing table.
2. We block the use of IP Options, which allows you to encode a route back to the IP.  

0 Kudos
Binoy
Explorer
‎2021-06-29 01:09 AM
In response to PhoneBoy

Thank you very much for the reply.

1. I understand that we can enable Anti-spoofing on interfaces based on the topology. Whether I need to enable anti-spoofing on Internet facing interface? As the default route is pointing to internet, how will it detect IP spoofing?

2. Whether IPS blade is required to block the IP Options. Could you please help to understand how to do it.

 

PhoneBoy
Admin
Admin
‎2021-06-29 01:38 PM
In response to Binoy

For external interfaces, anything not defined on an internal interface would be considered invalid on the external interface.

IP Options checking is actually done in the firewall (not IPS) and done by default.
Modifying this behavior requires editing some .def files on the management and pushing policy.

0 Kudos
Cyber_Serge
Collaborator
‎2021-06-25 06:48 PM

you can also search " Anti-Spoofing" in the Security Gateway Administration Guide for your corresponding version to read up on more detail

the_rock
Legend
Legend
‎2021-06-26 04:49 AM

I would refer to below link, it explains it very well:

https://sc1.checkpoint.com/documents/R80.20/SmartConsole_OLH/EN/html_frameset.htm?topic=documents/R8...

 

@PhoneBoy gave you correct answer. Put it this way...there is an option on external interface to exempt any IP address, but you definitely do not want to turn off anti spoofing on external interface, thats a huge security issue. In some scenario, I seen people set it to "detect" on internal interface, but thats not as bad, since that would be used for outbound traffic anyway.

0 Kudos
Baasanjargal_Ts
Advisor
Advisor
‎2021-06-28 11:59 PM

If you activate IP spoofing on your interfaces, It will help to IP spoofing attacks.  If attacker send a packet with the spoofed address into your servers It can prevent. For example, your Eth1 is configured 192.168.1.0/24 subnetting, then It will drop the packet if firewall receive this subnet IP come from another interface...

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events