How to stop spoofing

Packet filtering is one defense against IP spoofing attacks. The gateway to a network should perform ingress filtering; blocking of packets from outside the network with a source address inside the network. This prevents an outside attacker spoofing the address of an internal machine. Ideally outgoing packets should also be filtered, dropping packets from inside the network with a source address that is not inside (egress filtering); this prevents an attacker within the network performing filtering from launching IP spoofing attacks against external machines.