A method and system is disclosed for preventing an address spoofing based attack from a private network. The private network has at least one host and at least one router connected therein for transporting at least one packet. An anti-spoofing filter is implemented in each interface of every router. When a packet is received on the interface, the filter determines whether the packet is address spoofed by comparing its source physical address derived from the received packet with expected physical address derived from interface IP address, a subnet mask of the interface, an ARP cache of the interface and a list of physical addresses of neighboring routers formed a priori If the packet is determined to be address spoofed, the received packet is discarded by the filter on the interface.