Kerio Tech Firewall6 User Manual

17.2 Special Security Settings

231

Figure 17.4

Security options — Anti-Spoofing and cutting down number of connections for one host

Anti-Spoofing

Anti-Spoofing checks whether only packets with allowed source IP addresses are received at

individual interfaces of the WinRoute host. This function protects WinRoute host from attacks

from the internal network that use false IP addresses (so called spoofing).

For each interface, any source IP address belonging to any network connected to the interface

is correct (either directly or using other routers). For any interface connected to the Internet

(so called external interface), any IP address which is not allowed at any other interface is

correct.

Detailed information on networks connected to individual interfaces is acquired in the routing

table.

The Anti-Spoofing function can be configured in the Anti-Spoofing folder in Configuration →
Advanced Options.

Enable Anti-Spoofing

This option activates Anti-Spoofing.

Log

If this option is on, all packets that have not passed the anti-spoofing rules will be logged

in the Security log (for details see chapter

22.11

).

Connections Count Limit

This function defines a limit for the maximum number of connections which can be established

from one local host (workstation) to the Internet. This feature can be set in the lower section

of the Security Settings under Configuration → Advanced Options. If sum of all connections
from a single host to individual servers in the Internet reaches the set value, WinRoute blocks

other connections.