IP Spoofing is when an attacker changes the source IP address of packets to hide its true origin. By changing the source address in this manner an attacker might as an example carry out a DoS, Man in the Middle or a Syn-Flooding attack all of which can wreck your network while placing the integrity of your data at risk.
Ingress filtering (outlined on RFC 3704 update to RFC 2827) can be performed using an ACL which checks the source IP address of all incoming packets and drops any IP address that belongs to the IPv4 private IP addresses scheme (outlined in RFC 1918) on the outside interface of the edge router or firewall. Egress is simply the opposite which prevents IPv4 private IP addresses from exiting the network.

Continue reading