Blocking spoofed addresses
IP spoofing is a very common technique used by attackers to send malicious packets to a server. It is the process of creating IP packets with a forged source IP address, and it is mainly used for attacks such as Denial of Service (DoS).
Getting Ready
If we wish to block spoofed IP addresses, we need a list of the IP addresses or domain names from which these spoofed connection attempts have been made.
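One way to vet such a list before any of it reaches the firewall, as an added example that is not part of the original recipe. The function names, the one-entry-per-line file format and the `iptables -A INPUT -s ADDR -j DROP` rule form are assumptions made for this sketch; the script only prints rules for review.

```shell
#!/bin/sh
# Added example: print (never apply) DROP rules for a vetted list of sources.

# is_ipv4_source ADDR: succeed only for dotted-quad IPv4 with optional /0-32.
is_ipv4_source() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*|???*|0?*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    # Digits and dots only; this also keeps glob characters out of "set --".
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject empty, over-long and zero-padded octets (octal ambiguity).
        case $octet in ''|????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# emit_drop_rules FILE: print one rule per valid entry, report the rest on
# stderr, and return 1 if anything was rejected. Hostnames are rejected on
# purpose: iptables resolves a name once, when the rule is added.
emit_drop_rules() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')  # drop comments, blanks
        [ -n "$entry" ] || continue
        if is_ipv4_source "$entry"; then
            printf 'iptables -A INPUT -s %s -j DROP\n' "$entry"
        else
            printf 'rejected: %s\n' "$entry" >&2
            bad=1
        fi
    done < "$1"
    return "$bad"
}

# Constructed sample list (RFC 5737 documentation ranges, not real indicators).
sample_blocklist() {
    cat <<'EOF'
# one address or CIDR block per line
192.0.2.15
198.51.100.0/24   # whole range
203.0.113.300
blocked.example.com
EOF
}

list=$(mktemp) && sample_blocklist > "$list"
emit_drop_rules "$list" || echo 'fix the rejected entries before loading' >&2
rm -f "$list"
```

Domain names from the list have to be resolved and reviewed by hand before they are added as addresses, since the script refuses them.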
How to do it...
We will create a basic iptables ruleset that restricts all incoming packets, except those that are necessary for our usage:
The first step is to create a rule to allow access to the loopback interface so that services on the system can communicate properly with each other locally. The command to do this is as follows:
iptables -A INPUT -i lo -j ACCEPT
This is necessary for the system to function properly.
Next, we create a rule for incoming traffic that belongs to outbound connections initiated by our system:
iptables -A INPUT -m conntrack...