tech-net archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Anti-Spoofing
I was thinking about how to catch spoofed datagrams that pretend to originate
from my own address.
How does the kernel deal with datagrams arriving on the wire (or on a VLAN)
that have my own IP as the originating IP?
On the other hand, how often will ipf see a datagram that I send to myself (or
to the broadcast address)?
Woud something like
pass out on IF from IP to IP keep state
pass out on IF from IP to BCAST keep state
block in on IF from IP to any
work?
Home |
Main Index |
Thread Index |
Old Index