1.

Can you explain what anti-spoofing is in Check Point?

Answer»

Anti-spoofing aims to detect and drop packets with a bogus (false) source address. With Anti-Spoofing, the gateway can determine whether a packet whose source IP address belongs behind one interface is actually arriving on a different interface. A packet from an external network with an internal IP address, for example, would automatically be blocked by Anti-Spoofing. It ensures that packets are going to and coming from the correct interfaces on the Security Gateway.

Example:

In the following diagram, a Security Gateway is shown with interfaces 2, 3, and 4, as well as some example networks.

When Anti-Spoofing is enabled on the Security Gateway, it ensures that:

  • All incoming packets coming to interface 2 should be from the Internet (1)
  • All incoming packets coming to interface 3 should be from 192.168.33.0
  • All incoming packets coming to interface 4 should be from 192.0.2.0 or 10.10.10.0

Packets with source IP addresses in network 192.168.33.0 that arrive at interface 2 or 4 are blocked since the source address has been spoofed.
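The check described above can be modelled in a few lines. This is an added illustration, not Check Point code: the /24 masks are an assumption (the page gives no netmasks), the function names are hypothetical, and the Internet-facing interface is modelled as accepting any source that is not behind an internal interface.

```python
import ipaddress

# Assumption: the page gives no netmasks; /24 is used for illustration.
# Interface numbers 2, 3 and 4 come from the page's example.
INTERNAL_TOPOLOGY = {
    3: [ipaddress.ip_network("192.168.33.0/24")],
    4: [ipaddress.ip_network("192.0.2.0/24"),
        ipaddress.ip_network("10.10.10.0/24")],
}
EXTERNAL_INTERFACE = 2  # leads to the Internet


def behind_interface(src):
    """Return the internal interface whose networks contain src, else None."""
    addr = ipaddress.ip_address(src)
    for iface, nets in INTERNAL_TOPOLOGY.items():
        if any(addr in net for net in nets):
            return iface
    return None


def check_packet(in_iface, src):
    """Return (verdict, reason) for a packet from `src` arriving on `in_iface`."""
    try:
        owner = behind_interface(src)
    except ValueError:
        return "drop", "malformed source address"
    if in_iface == EXTERNAL_INTERFACE:
        if owner is None:
            return "accept", "source is outside all internal networks"
        return "drop", f"spoofed: source belongs behind interface {owner}"
    if in_iface not in INTERNAL_TOPOLOGY:
        return "drop", "unknown interface"
    if owner == in_iface:
        return "accept", f"source belongs behind interface {in_iface}"
    return "drop", f"spoofed: source not valid on interface {in_iface}"


# Constructed sample packets: (incoming interface, source IP)
SAMPLES = [(2, "203.0.113.9"), (2, "192.168.33.7"), (3, "192.168.33.7"),
           (4, "192.168.33.7"), (4, "10.10.10.20"), (3, "198.51.100.4")]

if __name__ == "__main__":
    for iface, src in SAMPLES:
        verdict, reason = check_packet(iface, src)
        print(f"if{iface} src={src:<14} {verdict:<6} {reason}")
```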


