Dealing with IP Spoofing

Question

Border routers, which are routers that span two or more sub networks, can be configured to block packets from outside their administrative domain that have source addresses from inside that domain.

Source: Introduction to computer security(Michael_Goodrich,_Roberto_Tamassia under Network Serucrity chapter 5 (Dealing with ip spoofing))

What does it mean, in layman terms?

score 12 · Accepted Answer · answered Feb 10 '19 at 18:34

12

It means that a packet received from outside the local network could have a source address of the inside network. That would be for a malicious purpose. The router could be configured to check the source address to see if it is received on the correct interface. Receiving a packet with the source address from the inside network on an outside interface would not pass the test.

answered Feb 10 '19 at 18:34

Ron Maupin

99,565
26
120
195

2

This is a special case of Reverse Path Filtering, no? Reverse Path Filtering means that the router rejects any packet that comes in on an interface where if I wanted to reply to the source address, the packet would not go out via that interface. – Jörg W Mittag Feb 10 '19 at 22:01
2

Yes. Cisco has three modes of uRPF. See Understanding Unicast Reverse Path Forwarding. – Ron Maupin Feb 10 '19 at 22:07

Dealing with IP Spoofing

1 Answers1