tech-net archive


Anti-Spoofing



I was thinking about how to catch spoofed datagrams that pretend to originate 
from my own address.

How does the kernel deal with datagrams arriving on the wire (or on a VLAN) 
that have my own IP as the originating IP?

On the other hand, how often will ipf see a datagram that I send to myself (or 
to the broadcast address)?
Would something like
        pass out on IF from IP to IP keep state
        pass out on IF from IP to BCAST keep state
        block in on IF from IP to any
work?

