RV: IPspoofing

["Ing. Christian Julio Moldes C." <christian.moldes () advanceteam com bo>]

Edgar:


First, do not send this type of e-mails from your corporate account. Since
this list is read by thousands of people, you may actually getting more
problems. Specially, if you just have announced a corporate vulnerability
and the lack of information security resources in your company.

Most firewalls provide enough protection against IP spoofing. You should
review your firewall functionality to activate this option.


Atentamente, / Best regards,

Christian Julio Moldes C.
CISM, CISSP, MCSE:Security, CISA, CCNA



-----Mensaje original-----
De: Edgar EZL. Zapata Lucas [mailto:ezapata () grupodetector com]
Enviado el: Martes, 04 de Octubre de 2005 04:04 a.m.
Para: security-basics () securityfocus com
Asunto: IPspoofing

We are concerned we are subject to dDOS attacks or any other like social
eng, spoofing or password guessing.
We have little evidence, but want to be protected.

Since we have very little experience in security issues, how can we protect
-at a practical level- against a let's say IP spoofing attack?
I know I can set up filters to drop external packets with internal source
addresses, but I need to possitively prevent this issue at a practical
level.
Have no idea where to start.  

Any help will be much appreciated.

Thanks and regards.


Edgar Zapata Lucas
IT Department.  CCNA - MCP
Departamento de Sistemas
DETECTOR, S.A.
Tel:  +34-91 490 30 30
Fax: +34 91 662 67 04
www.grupodetector.com
ezapata () grupodetector com

Este mensaje puede contener información confidencial y/o privilegiada.
Si Vd. no es el destinatario de este mensaje o ha recibido este mensaje por
error, por favor, informe inmediatamente al emisor y destruya este mensaje.
Está estrictamente prohibido por la legislación vigente realizar sin
autorización cualquier copia, revelación o distribución de este mensaje. Las
opiniones expresadas en este correo son las de su autor y DETECTOR, S.A. no
se responsabiliza de su contenido.

This e-mail may contain confidential and/or privileged information.
If you are not the intended recipient (or have received this e-mail in
error), please notify the sender immediately and destroy this e-mail. Any
unauthorised copying, disclosure or distribution of the material in this
e-mail is strictly forbidden by current legislation. The points of view
expressed in this e-mail are solely those of the author and may not
necessarily be from, or supported by, the company. DETECTOR S.A. neither
assumes obligations nor accepts liability for the content of this e-mail,
unless that information is subsequently confirmed by writing by a duly
authorised representative


---
[This E-mail was scanned for viruses by the Santa Cruz BBS anti-virus
system]