This discussion has been locked.

Restrict unknown IP on trusted MAC explanation

Is it just me or is the Sophos XG manual poorly written?

I have a long list of errata I've been making in general, but to me it doesn't seem to aim itself at either a novice or a network professional.

 

Example. Page 120 DoS & spoof protection

It mentions the 'Restrict unknown IP on trusted MAC' option, which drops packets that have an unknown IP for a known MAC address. Now isn't this the same thing as the IP-MAC filter? Why have both options; what is the difference? Is this a redundant check box, as it provides the same function?

Then we have IP spoofing, which states: if the source IP address of a packet does not match any entry on the firewall's routing table etc., the packet is dropped? Well, surely it will match an entry on most firewall routing tables due to the 0.0.0.0 route which is naturally added?

 

Please point out where I'm misunderstanding this.

 

Thanks

Ed



Hi,

    To prevent spoofing attacks, you can restrict traffic to only that which matches recognized IP addresses, trusted MAC addresses, and IP–MAC pairs. You can also set traffic limits and flags to prevent DoS attacks and create rules to bypass DoS inspection. The firewall logs dropped traffic.

    • To protect against spoofing attacks, select Enable spoof prevention, specify settings and zones, and click Apply. To drop traffic from an unknown IP address on a trusted MAC address, select Restrict unknown IP on trusted MAC.
    • To add a trusted MAC address, scroll to Spoof protection trusted MAC and click Add. To import addresses, click Import.
    • To protect against DoS attacks, scroll to DoS settings, specify settings, and click Apply. To view the current status of DoS attacks, click the link provided.
    • To bypass DoS inspection for a specified IP address or port, scroll to DoS bypass rule and click Add.

    Specify the type of spoof prevention and the zones that you want to protect.

    IP spoofing
    If the source IP address of a packet does not match any entry on the firewall’s routing table or if the packet is not from a direct subnet, the firewall drops the packet.

    MAC filter
    If the packet does not specify a MAC address that is listed as a trusted MAC address, the firewall drops the packet.
    Note: To select MAC filter, you need to add at least one trusted MAC address.

    IP–MAC pair filter
    An IP–MAC pair is a trusted MAC address that is bound to an IP address. For a match to occur, both the IP and MAC address of an incoming packet must match an IP–MAC pair. If either the IP or MAC address does not match any pair, the firewall drops the packet.

    Spoof protection trusted MAC

    Use trusted MAC addresses with the MAC filter setting to allow traffic for specified hosts.

    When you bind a trusted MAC address to an IP address, the firewall matches traffic with the IP–MAC pairs and filters traffic based on the settings specified for the IP–MAC pair filter.

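The reply above quotes the four spoof-prevention checks without showing how their verdicts differ on the same packet. The following is an added example, not code from the original thread or from Sophos: a small Python model of those checks, run over a constructed routing table, trusted-MAC list and IP-MAC bindings. Two modelling choices are assumptions, not documented XG behaviour: the IP spoofing check is treated as a strict reverse-path lookup (the longest-match route for the source IP must point back at the ingress interface, so a LAN packet whose source only matches the 0.0.0.0/0 route is dropped because that route points at WAN), and "Restrict unknown IP on trusted MAC" is treated as applying only to trusted MACs that have at least one bound IP, while untrusted MACs pass it untouched. The IP-MAC pair filter, by contrast, drops anything that matches no pair, which is the practical difference between the two options.

```python
"""Toy model of XG spoof prevention decisions (constructed example, not Sophos code).

Checks modelled:
  - IP spoofing: strict reverse-path lookup against a routing table (assumption)
  - MAC filter: source MAC must be a trusted MAC
  - IP-MAC pair filter: (MAC, IP) must match a bound pair
  - Restrict unknown IP on trusted MAC: a trusted MAC with bindings may only
    use its bound IPs; untrusted MACs are not affected (assumption)
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional, Tuple


@dataclass
class Packet:
    src_ip: str
    src_mac: str
    in_iface: str  # interface/zone the packet arrived on


@dataclass
class SpoofConfig:
    routes: list                                       # [(prefix, iface)]
    trusted_macs: set = field(default_factory=set)     # lowercase MACs
    ip_mac_pairs: dict = field(default_factory=dict)   # mac -> set of bound IPs
    ip_spoofing: bool = False
    mac_filter: bool = False
    ip_mac_pair_filter: bool = False
    restrict_unknown_ip_on_trusted_mac: bool = False


def lookup_route(routes, ip) -> Optional[Tuple[ipaddress.IPv4Network, str]]:
    """Longest-prefix match; returns (network, iface) or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix, strict=False)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def spoof_check(pkt: Packet, cfg: SpoofConfig) -> Tuple[str, str]:
    """Return ('accept', '') or ('drop', reason) for the first check that fails.

    Check order is a modelling choice; the page does not specify one.
    """
    mac = pkt.src_mac.lower()

    if cfg.ip_spoofing:
        route = lookup_route(cfg.routes, pkt.src_ip)
        if route is None:
            return "drop", "ip-spoofing: no route for source address"
        if route[1] != pkt.in_iface:  # reverse-path mismatch (assumed model)
            return "drop", (f"ip-spoofing: {pkt.src_ip} routes via {route[1]} "
                            f"but arrived on {pkt.in_iface}")

    if cfg.mac_filter and mac not in cfg.trusted_macs:
        return "drop", "mac-filter: source MAC is not a trusted MAC"

    if cfg.ip_mac_pair_filter and pkt.src_ip not in cfg.ip_mac_pairs.get(mac, set()):
        return "drop", "ip-mac-pair: no IP-MAC pair matches"

    if (cfg.restrict_unknown_ip_on_trusted_mac
            and mac in cfg.trusted_macs
            and mac in cfg.ip_mac_pairs          # assumption: only bound MACs restricted
            and pkt.src_ip not in cfg.ip_mac_pairs[mac]):
        return "drop", "restrict-unknown-ip: IP is not bound to this trusted MAC"

    return "accept", ""


def demo_config(**flags) -> SpoofConfig:
    """Constructed sample config: three zones, two trusted MACs, one binding."""
    return SpoofConfig(
        routes=[("0.0.0.0/0", "WAN"), ("192.168.1.0/24", "LAN"), ("10.0.0.0/8", "DMZ")],
        trusted_macs={"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
        ip_mac_pairs={"aa:bb:cc:00:00:01": {"192.168.1.10"}},
        **flags,
    )


if __name__ == "__main__":
    samples = [
        ("bound host, all checks on",
         Packet("192.168.1.10", "AA:BB:CC:00:00:01", "LAN"),
         demo_config(ip_spoofing=True, mac_filter=True,
                     ip_mac_pair_filter=True, restrict_unknown_ip_on_trusted_mac=True)),
        ("trusted MAC, wrong IP, restrict only",
         Packet("192.168.1.20", "aa:bb:cc:00:00:01", "LAN"),
         demo_config(restrict_unknown_ip_on_trusted_mac=True)),
        ("untrusted MAC, restrict only",
         Packet("192.168.1.40", "de:ad:be:ef:00:01", "LAN"),
         demo_config(restrict_unknown_ip_on_trusted_mac=True)),
        ("untrusted MAC, pair filter only",
         Packet("192.168.1.40", "de:ad:be:ef:00:01", "LAN"),
         demo_config(ip_mac_pair_filter=True)),
        ("public source on LAN, default route only",
         Packet("8.8.8.8", "aa:bb:cc:00:00:01", "LAN"),
         demo_config(ip_spoofing=True)),
    ]
    for label, pkt, cfg in samples:
        print(f"{label:45s} -> {spoof_check(pkt, cfg)}")
```

The last two rows of the built-in run make the point of the thread: with only "Restrict unknown IP on trusted MAC" enabled, a packet from an untrusted MAC is accepted, whereas the IP-MAC pair filter drops it; and a LAN packet with source 8.8.8.8 does match the 0.0.0.0/0 route, but under the reverse-path model that route points at WAN, so the packet is still dropped.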