tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]


I was thinking about how to catch spoofed datagrams that pretend to originate 
from my own address.

How does the kernel deal with datagrams arriving on the wire (or on a VLAN) 
that have my own IP as the originating IP?

On the other hand, how often will ipf see a datagram that I send to myself (or 
to the broadcast address)?
Woud something like
        pass out on IF from IP to IP keep state
        pass out on IF from IP to BCAST keep state
        block in on IF from IP to any

Home | Main Index | Thread Index | Old Index