Blocking spoofed addresses
IP spoofing is a very common technique that attackers use to send malicious packets to a server. It is the process of creating IP packets with a forged source IP address, and it is mainly used in attacks such as Denial of Service (DoS).
Getting ready
To block spoofed IP addresses, we need a list of the IP addresses or domain names from which these spoofed connections are being attempted.
How to do it...
We will create a basic iptables rule set that restricts all incoming packets except those that are necessary for us:
- The first step will be to create a rule to allow access to the loopback interface so that the services on the system can communicate properly with each other locally. The command to do so is as follows:
iptables -A INPUT -i lo -j ACCEPT
This is necessary for the system to function properly.
- Next, we will create the rule for the outbound connections that have been initiated by our system...
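The following script is an added example, not code from the original recipe. It prints the loopback rule from the first step, then a DROP rule for each valid entry in a blocklist of the kind described under Getting ready. The function names, the sample addresses and the extra rule that drops loopback-sourced packets arriving on other interfaces are assumptions made for illustration.

```sh
# Added example: prints iptables commands for review; it never runs them.
# is_ipv4_cidr ENTRY: succeed only for a dotted-quad IPv4 address with an
# optional /0-32 prefix length.
is_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules: read a blocklist on stdin (one address or CIDR per line, '#'
# comments allowed) and print the rules. Invalid entries are reported on stderr.
gen_rules() {
    echo "iptables -A INPUT -i lo -j ACCEPT"    # loopback rule from the recipe
    # Assumption: a 127.0.0.0/8 source seen on any interface other than lo is forged.
    echo "iptables -A INPUT ! -i lo -s 127.0.0.0/8 -j DROP"
    while IFS= read -r line || [ -n "$line" ]; do
        entry=${line%%#*}                                  # strip comments
        entry=$(printf '%s' "$entry" | tr -d ' \t\r')      # strip whitespace
        [ -n "$entry" ] || continue
        if is_ipv4_cidr "$entry"; then
            echo "iptables -A INPUT -s $entry -j DROP"
        else
            echo "skipped invalid entry: $entry" >&2
        fi
    done
}

# Constructed sample blocklist; two entries are deliberately malformed.
sample_blocklist() {
    cat <<'EOF'
192.0.2.0/24
198.51.100.7   # single host
999.1.1.1
203.0.113.0/33
10.0.0.0/8
EOF
}

sample_blocklist | gen_rules
```

Because `-A` appends to the chain and rules are evaluated in order, these DROP rules need to be applied before any broader ACCEPT rule that would match the same traffic.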