Show AntiSpoofing Networks via CLI

This CLI command shows you the address spoofing networks as a list and the IP settings per interface. Type this command on the security gateway.


Latest version - command:

#!/bin/sh
# Per physical interface: cluster VIP, IP, mask and the anti-spoofing state
# read from the local policy file $FWDIR/state/local/FW1/local.set.
# Paste into the gateway shell or save as a script; $FWDIR is set by the Check Point environment.
LOCALSET="$FWDIR/state/local/FW1/local.set"

# Interfaces that carry an inet address, skipping loopback and ":"-style alias/VLAN names
for IF in $(ifconfig -a | grep -B 1 inet | grep encap | awk '{print $1}' | grep -v ":" | grep -v "^lo"); do
    echo "$IF"
    # Cluster VIP from cphaprob (lines without the U/D state markers)
    echo -n " VIP "; cphaprob -a if | grep "$IF" | grep -v U | grep -v D | cut -c16- | tr -d "\r\n"; echo
    echo -n " IP ";   ifconfig "$IF" | grep "inet addr" | cut -d ":" -f 2 | cut -d " " -f 1
    echo -n " Mask "; ifconfig "$IF" | sed -rn "2s/ .*:(.*)$/\1/p"
    # The 30 lines following the interface name in local.set hold its anti-spoofing settings.
    # "sort -g" (not "sort -ng"): on 3.10-kernel builds such as R80.30, sort rejects -n together with -g.
    echo -en " ANTISPOOFING ENABLED:\t"
    grep -A 30 "$IF" "$LOCALSET" | grep has_addr_info | cut -c17- | tr ")" " " | sort -g | uniq
    echo -en " ANTISPOOFING MODE:\t"
    if grep -A 30 "$IF" "$LOCALSET" | grep monitor_only | cut -c16- | tr ")" " " | sort -g | uniq | grep -q false; then
        echo "PREVENT"; else echo "DETECT"; fi
    echo -en " ANTISPOOFING TOPO:\t"
    if grep -A 30 "$IF" "$LOCALSET" | grep external | cut -c12- | tr ")" " " | sort -g | uniq | grep -q true; then
        echo "External"; else echo "Internal"; fi
    echo " ADDRESS SPOOFING NETWORKS:"
    grep -A 30 "$IF" "$LOCALSET" | grep ": (\"" | sort -g | uniq | tr '()<>:"' ' '
    echo " "
done

Now you can see the states of:

- ANTISPOOFING ENABLED

- ANTISPOOFING MODE

- ANTISPOOFING TOPO

Old versions:

27.06.2018: fixed the "|grep -o false" issue and added TOPO

ifconfig -a |grep -B 1 inet |grep encap| awk '{print $1}' | grep -v lo | grep -v ":" | grep -v ^lo | xargs -I % sh -c 'echo %;echo -n " VIP "; cphaprob -a if |grep %|grep -v U|grep -v D | cut -c16-| tr -d "\r\n" ;echo;echo -n " IP ";ifconfig % | grep "inet addr" | cut -d ":" -f 2 | cut -d " " -f 1;echo -n " Mask " ;ifconfig % | sed -rn "2s/ .*:(.*)$/\1/p";echo -en " ANTISPOOFING ENABLED:\t";more $FWDIR/state/local/FW1/local.set |grep -A 30 % | grep has_addr_info | cut -c17- | tr \) " " |sort -ng| uniq ; echo -en " ANTISPOOFING MODE:\t"; if [ `more $FWDIR/state/local/FW1/local.set |grep -A 30 % | grep monitor_only | cut -c16- | tr \) " " |sort -ng| uniq` ]; then echo "PREVENT"; else echo "DETECT"; fi;echo " ADDRESS SPOOFING NETWORKS:";more $FWDIR/state/local/FW1/local.set | grep -A 30 %|grep ": (\""|sort -ng| uniq |tr \(\)\<\>\:\" \ ;echo " "'

34 Replies

R80.20 and above support automatically setting up antispoofing topology based on the routing topology on the firewall. Other vendors call this Unicast Reverse Path Forwarding, or URPF. That is, without question, the right way to do antispoofing in any new growth.

It can still cause problems if your network depends on asymmetric pathing. For example, if traffic from a given network arrives at the firewall on one interface, but traffic to it leaves from another interface, URPF will only allow it to come in the interface which it would leave. This isn't necessarily asymmetric routing, as the traffic could be going through the same routers and just taking different L2 paths.

URPF ultimately reduces all antispoofing problems to routing problems, which are much better understood. If you still get antispoofing drops after enabling it, it means you need to fix your routing.

Reply
0 Kudos
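The reply above describes routing-based anti-spoofing (uRPF): a packet from a source is accepted only on the interface the gateway would use to send traffic back to that source. The following is an added example written for this page, not Check Point's implementation and not code from the thread. It assumes a constructed routing table and sample packets (names like eth0..eth3 and the prefixes are invented) and models the strict check with a longest-prefix-match lookup, a loose-mode variant, and the asymmetric-path case from the reply: a drop that disappears once the missing route is added.

```python
import ipaddress

# Constructed routing table for this example (not from the page): (prefix, egress interface).
ROUTES = [
    ("0.0.0.0/0", "eth0"),       # default route, Internet side
    ("10.0.0.0/8", "eth1"),      # internal networks
    ("192.168.5.0/24", "eth3"),  # DMZ
]


def reverse_path(routes, src_ip):
    """Longest-prefix match of src_ip against the routing table.

    Returns the interface the gateway would use to send traffic *to* src_ip,
    which under strict uRPF is the only interface a packet *from* src_ip may enter on.
    """
    addr = ipaddress.ip_address(src_ip)
    best_net, best_if = None, None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_if = net, iface
    return best_if


def urpf_check(routes, src_ip, ingress, strict=True):
    """Return (accept, reason) for a packet from src_ip arriving on ingress.

    strict: accept only if the reverse path equals the ingress interface
            (the behaviour the reply describes for routing-based anti-spoofing).
    loose (strict=False): accept if any route back to the source exists at all.
    """
    egress = reverse_path(routes, src_ip)
    if egress is None:
        return False, "no route back to source"
    if not strict:
        return True, f"loose: route to source exists via {egress}"
    if egress == ingress:
        return True, f"strict: reverse path {egress} matches ingress"
    return False, f"strict: reverse path is {egress} but packet arrived on {ingress}"


def asymmetric_demo():
    """Host 10.2.3.4 reaches the gateway over eth2 (a different L2 path) while the
    route back to it points out eth1. Strict uRPF drops it; adding the more specific
    route 10.2.0.0/16 via eth2 turns the drop into an accept. Returns (before, after)."""
    before = urpf_check(ROUTES, "10.2.3.4", "eth2")
    fixed_routes = ROUTES + [("10.2.0.0/16", "eth2")]  # the "fix your routing" step
    after = urpf_check(fixed_routes, "10.2.3.4", "eth2")
    return before[0], after[0]


if __name__ == "__main__":
    # Constructed sample packets: (source address, ingress interface)
    samples = [
        ("10.1.1.1", "eth1"),      # legitimate internal host
        ("10.1.1.1", "eth0"),      # internal address arriving from the Internet side: spoofed
        ("8.8.8.8", "eth0"),       # legitimate external host
        ("192.168.5.10", "eth3"),  # legitimate DMZ host
        ("10.2.3.4", "eth2"),      # asymmetric-path case from the reply
    ]
    for src, ingress in samples:
        ok, why = urpf_check(ROUTES, src, ingress)
        print(f"{src:>14} on {ingress}: {'accept' if ok else 'DROP'}  ({why})")
    print("asymmetric case before/after route fix:", asymmetric_demo())
```

The point of `asymmetric_demo` is the reply's last paragraph: once the check is purely routing-based, an unexpected drop is diagnosed by asking "which interface does the route to this source point at?" and corrected in the routing table, not in a hand-maintained anti-spoofing group.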

Contributor

Could we add zones to the output?

Reply
0 Kudos

Participant

Hi Heiko,

thanks for sharing the script with us. It is very helpful.

When I use the script on R80.30 (kernel 3.10) I get these errors:

ANTISPOOFING ENABLED: sort: options '-gn' are incompatible
 ANTISPOOFING MODE: sort: options '-gn' are incompatible
DETECT
 ANTISPOOFING TOPO: sort: options '-gn' are incompatible
Internal
 ADDRESS SPOOFING NETWORKS:
sort: options '-gn' are incompatible

How can we adapt the script for R80.30?

Thanks in advance.

Vitali

Reply
0 Kudos

Admin

Our versions using the 3.10 kernel have different userspace binaries, some of which may have different options (which is why this script is failing).

Reply
0 Kudos

Explorer

Hello Vitali,

This error message occurs because the sort options are no longer correct. Use "sort -g" instead of "sort -ng".

Regards Florian

Reply
0 Kudos