What do
you mean by "spoof my address"?
Excerpted from
http://openbsd.rt.fm/faq/pf/filter.html#antispoof
Quote:
Example: antispoof for fxp0 inet When a ruleset is loaded, any occurrences of the antispoof keyword are expanded into two filter rules. Assuming that interface fxp0 has IP address 10.0.0.1 and a subnet mask of 255.255.255.0 (i.e., a /24), the above antispoof rule would expand to: block in on ! fxp0 inet from 10.0.0.0/24 to any
block in inet from 10.0.0.1 to any These rules accomplish two things:
- Blocks all traffic coming from the 10.0.0.0/24 network that does not pass in through fxp0. Since the 10.0.0.0/24 network is on the fxp0 interface, packets with a source address in that network block should never be seen coming in on any other interface.
- Blocks all incoming traffic from 10.0.0.1, the IP address on fxp0. The host machine should never send packets to itself through an external interface, so any incoming packets with a source address belonging to the machine can be considered malicious.
|
Stateful tracking is by individual pass rule.
If you describe the attack, as you understand it, someone might be able to help you.