Stop router WAN IP address being spoofed

Posted: Fri Aug 15, 2014 7:14 pm
by tberg
I have a client that is, at a minimum, amplifying an attack.

Their router is set up as a NAT router with a single WAN and single LAN interface.
The firewall connections list shows many connections with its WAN IP address as the source address.
I put in a firewall rule to log the connections. They are in the forward chain, the in and out interfaces are both the WAN interface, and the source MAC is that of the WAN default gateway.

Any suggestions on how to block forwarding of this traffic? I assume rp_filter yes would do it, but what other potential issues would it create?

Thank you,
Todd
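
Added example, not part of the original post and not any router's own implementation: a simplified model of strict versus loose reverse-path filtering applied to the traffic described above, plus the asymmetric-routing case that strict mode also drops. All addresses, interface names and routing tables are constructed (documentation ranges), and treating the router's own addresses as routes to a `local` interface is an assumption of the model.

```python
import ipaddress

# Constructed topology: NAT router, WAN 203.0.113.10/24, LAN 192.168.1.1/24.
# "local" marks the router's own addresses (delivered locally, never via WAN).
SINGLE_WAN = [
    ("0.0.0.0/0", "wan"),
    ("203.0.113.0/24", "wan"),
    ("203.0.113.10/32", "local"),
    ("192.168.1.0/24", "lan"),
    ("192.168.1.1/32", "local"),
]
# Constructed dual-uplink variant: default route prefers wan1, wan2 is a second uplink.
DUAL_WAN = [("0.0.0.0/0", "wan1"), ("198.51.100.0/24", "wan2"),
            ("192.168.1.0/24", "lan")]


def reverse_path(src, routes):
    """Longest-prefix match: interface the router would use to reach src."""
    addr = ipaddress.ip_address(src)
    nets = [(ipaddress.ip_network(p), i) for p, i in routes]
    hits = [(n.prefixlen, i) for n, i in nets if addr in n]
    return max(hits)[1] if hits else None


def rpf_accepts(src, in_iface, routes, mode="strict"):
    """Return (accepted, reason) for a packet from src arriving on in_iface."""
    back = reverse_path(src, routes)
    if back is None:
        return False, "no route back to source"
    if mode == "loose":
        # In this model, loose mode only requires that some route exists.
        return True, "some route to source exists"
    if back != in_iface:
        return False, f"reverse path is {back}, packet arrived on {in_iface}"
    return True, "reverse path matches ingress interface"


if __name__ == "__main__":
    cases = [
        ("spoofed WAN IP seen on WAN", "203.0.113.10", "wan", SINGLE_WAN),
        ("normal internet host on WAN", "192.0.2.7", "wan", SINGLE_WAN),
        ("LAN client on LAN", "192.168.1.50", "lan", SINGLE_WAN),
        ("asymmetric return via wan2", "192.0.2.7", "wan2", DUAL_WAN),
    ]
    for label, src, iface, table in cases:
        for mode in ("strict", "loose"):
            ok, why = rpf_accepts(src, iface, table, mode)
            print(f"{label:30} {mode:6} {'ACCEPT' if ok else 'DROP'}  {why}")
```

In the single-WAN layout from the post, strict mode drops only the packet claiming the router's own WAN address; the dual-uplink case shows where strict mode also drops legitimate traffic that returns on a different interface than the best route.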