If it's a response of previously spoofed send SYN then it must've been SYN+ACK, and you can specify on your Firewall or Router to deny those SYN+ACK packets which have not been initialized from your Network.

Raw Diagram would be:

SYN+ACK -> (check if your network requested it) -> (if yes) -> then -> ALLOW
-> else (REJECT)

Regards,
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk

Vice President
Pakistan Computer Emergency Responce Team (PakCERT)
web: www.pakcert.org

Chief Security Analyst
Applied Technology Research Center (ATRC)
web: www.atrc.net.pk

--- "NetWatch" <netwatchsagadc.de> wrote:
>>SNIP>>

_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------

_____________________________________________________________
Promote your group and strengthen ties to your members with emailyourgroup.org by Everyone.net http://www.everyone.net/?btn=tag

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]