tech-net archive


Re: Anti-Spoofing



On Wed, Aug 31, 2011 at 05:08:59PM +0200, Edgar Fuß wrote:
> I was thinking about how to catch spoofed datagrams that pretend
> to originate from my own address.
> 
> How does the kernel deal with datagrams arriving on the wire (or
> on a VLAN) that have my own IP as the originating IP?

At the driver level and higher: in regular operation, it sees all multicast
and broadcast originating from itself. If the hardware is SIMPLEX, that is,
it can't hear itself, the driver emulates this in software (for known
protocols, like IP, that depend on this).

See <net/if.h>:

#define IFF_SIMPLEX     0x0800          /* can't hear own transmissions */

and lines in ethersubr, tokensubr, fddisubr, etc. that match 

In your filter rules, you would at least need to add exceptions for 
multicast packets.

Regards,
        -is
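
The filter exception suggested in the reply above, as an added example that is not part of the original message or of any kernel's code: a C classifier for inbound IPv4 headers whose source is the host's own address. The function names, the verdict values and the constructed interface address 192.0.2.10/24 are assumptions made for illustration; it also exempts broadcast, which the reply names alongside multicast.

```c
#include <stdint.h>
#include <stddef.h>

enum verdict { PASS_OTHER_SRC, PASS_OWN_ECHO, DROP_SPOOFED, DROP_MALFORMED };

/* Read a big-endian 32-bit field from the packet buffer. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* own_ip and netmask are host-order values of the receiving interface
 * (assumption: the interface carries a single IPv4 address). */
enum verdict classify_inbound(const uint8_t *pkt, size_t len,
                              uint32_t own_ip, uint32_t netmask)
{
    if (len < 20 || (pkt[0] >> 4) != 4 || (pkt[0] & 0x0f) < 5)
        return DROP_MALFORMED;
    uint32_t src = be32(pkt + 12), dst = be32(pkt + 16);
    if (src != own_ip)
        return PASS_OTHER_SRC;      /* not the case discussed here */
    /* Our own multicast (224.0.0.0/4) is heard back in regular operation. */
    if ((dst & 0xf0000000u) == 0xe0000000u)
        return PASS_OWN_ECHO;
    /* Likewise limited and subnet-directed broadcast. */
    if (dst == 0xffffffffu || dst == (own_ip | ~netmask))
        return PASS_OWN_ECHO;
    /* Anything else arriving with our address as source is treated as spoofed. */
    return DROP_SPOOFED;
}

/* Constructed sample: build a minimal 20-byte header and classify it as if
 * received on an interface configured as 192.0.2.10/24 (assumed values). */
enum verdict demo(uint32_t src, uint32_t dst)
{
    uint8_t h[20] = { 0x45 };       /* version 4, IHL 5, rest zeroed */
    for (int i = 0; i < 4; i++) {
        h[12 + i] = (uint8_t)(src >> (24 - 8 * i));
        h[16 + i] = (uint8_t)(dst >> (24 - 8 * i));
    }
    return classify_inbound(h, sizeof h, 0xC000020Au, 0xFFFFFF00u);
}
```

The exemption keys on the destination address only, so a datagram forged with the host's source address and a multicast destination is also classified PASS_OWN_ECHO; telling the two apart needs link-layer information such as the source MAC address.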

