Ingress and egress filtering are firewall/network configuration methods that help protect your systems from denial-of-service attacks. Ingress filtering controls the traffic that's entering your network; egress filtering does the same for traffic leaving your network. With an ingress filtering rulebase you can sort out all the spoofed packets heading for your network: no packet with a private IP source address should be allowed to pass the filter. This might block some non-malicious traffic, but it ensures network safety. You can configure the filter either to silently drop a packet that has been identified as malicious, or to send a reply back to the source saying that it has been denied.
Egress filtering restricts traffic that does not bear a source IP address belonging to your own network from heading out of your network. This ensures that your computers cannot be used as an amplifier for smurf attacks. Of course you can develop more complicated rulesets, such as limiting traffic by port, but simply validating IP addresses on inbound and outbound traffic is an almost foolproof and the easiest way to prevent DDoS attacks.
You can use a mixture of ingress and egress filtering for maximum security, or just stick to one of them. Ideally you wouldn't need egress filtering if you had a perfect ingress filter, since malicious packets couldn't enter your network and so you couldn't broadcast any spoofed packets. But we all know that nothing is perfect and it's better to have more security, so I advise implementing both.
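To make the two rules concrete, here is an added example (not code from the original post) of the address-validation logic an ingress and an egress filter apply. It assumes a hypothetical site prefix of 203.0.113.0/24 and uses constructed sample packets; a real firewall would express the same checks as rules on its WAN interface.

```python
"""Ingress/egress source-address validation, as an added illustration.
Assumes a hypothetical site prefix (203.0.113.0/24, a documentation range)
and constructed sample packets; not the original post's code."""
import ipaddress
from dataclasses import dataclass

SITE_PREFIX = ipaddress.ip_network("203.0.113.0/24")  # assumed: our public block

# Private / special-use source ranges that should never arrive from the Internet.
BOGON_SOURCES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918 private
    "127.0.0.0/8",                                      # loopback
    "0.0.0.0/8",                                        # "this" network
    "169.254.0.0/16",                                   # link-local
)]


@dataclass
class Packet:
    src: str  # source IP address as text
    dst: str  # destination IP address as text


def ingress_allowed(pkt: Packet) -> bool:
    """Inbound rule: drop private/bogon sources, and drop packets arriving
    from outside that claim one of our own addresses (they can only be spoofed)."""
    src = ipaddress.ip_address(pkt.src)
    if any(src in net for net in BOGON_SOURCES):
        return False
    if src in SITE_PREFIX:
        return False
    return True


def egress_allowed(pkt: Packet) -> bool:
    """Outbound rule: only packets sourced from our own prefix may leave, so a
    compromised internal host cannot emit spoofed packets (e.g. for a smurf)."""
    return ipaddress.ip_address(pkt.src) in SITE_PREFIX


def filter_packets(packets, direction, reject=False):
    """Apply the rule for `direction` ('ingress' or 'egress') to each packet.
    `reject=True` models replying with a denial instead of silently dropping."""
    check = ingress_allowed if direction == "ingress" else egress_allowed
    deny = "REJECT" if reject else "DROP"
    return [("ACCEPT" if check(p) else deny, p) for p in packets]


if __name__ == "__main__":
    # Constructed sample traffic: one spoofed private source, one legitimate.
    sample = [Packet("10.1.2.3", "203.0.113.10"), Packet("198.51.100.7", "203.0.113.10")]
    for verdict, p in filter_packets(sample, "ingress"):
        print(f"ingress {p.src} -> {p.dst}: {verdict}")
```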