User guide

Default Packet Handling
that the packet apparently originated from a host that is trusted, and
therefore doesn’t require validation or a password.
When you enable spoofing defense, the Firebox prevents packets with a
false identity from passing through to your network. When such a packet
attempts to establish a connection, the Firebox generates two log records.
One log record shows that the attacker’s packet was blocked; the other
shows that the attacker’s site has been added to the Blocked Sites list, a
compilation of all sites blocked by the Firebox.
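
The behavior described above, modeled as an added example (this is not WatchGuard code and not the Firebox's implementation): a packet is treated as spoofed when its source address belongs behind a different interface than the one it arrived on, and each such packet yields the two log records. The detection rule, interface names, networks and log format are assumptions made for the illustration.

```python
import ipaddress

# Constructed topology: interface names and networks are assumptions made for
# this example, not values from a Firebox configuration.
NETWORKS = {
    "trusted": ipaddress.ip_network("10.0.1.0/24"),
    "optional": ipaddress.ip_network("10.0.2.0/24"),
}


class SpoofDefense:
    """Toy model of spoofing defense; the log format is made up."""

    def __init__(self, enabled=True):
        self.enabled = enabled
        self.blocked_sites = set()  # stand-in for the Blocked Sites list
        self.log = []

    @staticmethod
    def home_interface(src):
        """Return the interface whose network contains src, or None."""
        for name, net in NETWORKS.items():
            if src in net:
                return name
        return None

    def handle(self, src_ip, in_interface):
        """Return 'deny' for a spoofed packet, else 'pass' (on to policy checks)."""
        src = ipaddress.ip_address(src_ip)
        home = self.home_interface(src)
        # Assumed rule: a source address that belongs behind one interface
        # but arrives on another is forged, e.g. a trusted address from outside.
        if self.enabled and home is not None and home != in_interface:
            self.blocked_sites.add(src)  # the address the packet claimed
            self.log.append(f"deny src={src} in={in_interface} reason=spoofed")
            self.log.append(f"blocked-sites add {src}")
            return "deny"
        return "pass"


def demo():
    """Run three constructed packets and return (verdicts, log records)."""
    fw = SpoofDefense()
    packets = [
        ("10.0.1.20", "trusted"),     # genuine trusted host
        ("203.0.113.9", "external"),  # ordinary outside host
        ("10.0.1.20", "external"),    # outside packet claiming a trusted address
    ]
    return [fw.handle(ip, iface) for ip, iface in packets], fw.log
```
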
You can block spoofing attacks using the Default Packet Handling dialog box.
From Policy Manager:

1 On the toolbar, click the Default Packet Handling icon, shown at right.
  You can also, from Policy Manager, select Setup => Default.
  The Default Packet Handling dialog box appears, as shown in the
  following figure.
2 Enable the checkbox marked Block Spoofing Attacks.

Blocking port space and address space attacks

Other methods that attackers use to gain access to networks and hosts are
known as probes. Port space probes are used to scan a host to find what
services are running on it. Address space probes scan a network to see