tech-net archive


Re: Anti-Spoofing



So to answer my own questions: At least on 3.1 (which was the easiest for me to 
test on):

1. The filter doesn't see unicast datagrams from me to me at all.
2. Both broadcast and multicast datagrams from me are seen twice by the filter.
3. It works to use ``keep state'' with them.

I still don't know what happens to fake packets from outside pretending to be 
sent ``by me''. I hope they will be seen by the filter. If that's indeed the 
case, the following should work:

pass out on IF from ME to BCAST keep state
pass out on IF from ME to 224.0.0.0/24 keep state
block in quick on IF from ME to any
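
A toy model of the three rules above, added here as an illustration; it is not part of the original post and not IPFilter code. It assumes last-match-wins evaluation with `quick`, a state lookup that runs before the rules and ignores direction (matching observation 3), a default of pass, and constructed addresses for ME and BCAST.

```python
import ipaddress

ME = ipaddress.ip_address("192.0.2.10")       # constructed host address
BCAST = ipaddress.ip_address("192.0.2.255")   # constructed subnet broadcast
MCAST = ipaddress.ip_network("224.0.0.0/24")

# (action, direction, quick, src, dst, keep_state); None means "any"
RULES = [
    ("pass", "out", False, ME, BCAST, True),
    ("pass", "out", False, ME, MCAST, True),
    ("block", "in", True, ME, None, False),
]

def _match(pattern, addr):
    if pattern is None:
        return True
    if isinstance(pattern, ipaddress.IPv4Network):
        return addr in pattern
    return addr == pattern

class Filter:
    def __init__(self, rules, default="pass"):   # default policy is an assumption
        self.rules, self.default, self.states = rules, default, set()

    def check(self, direction, src, dst):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Assumption: an existing state entry passes the packet before any rule runs.
        if (src, dst) in self.states:
            return "pass"
        verdict, keep = self.default, False
        for action, rdir, quick, rsrc, rdst, rkeep in self.rules:
            if rdir == direction and _match(rsrc, src) and _match(rdst, dst):
                verdict, keep = action, rkeep    # last matching rule wins
                if quick:
                    break                        # "quick" stops evaluation here
        if verdict == "pass" and keep:
            self.states.add((src, dst))
        return verdict

def demo():
    f = Filter(RULES)
    return [
        f.check("out", ME, BCAST),         # own broadcast leaving, creates state
        f.check("in", ME, BCAST),          # second sighting of the same datagram
        f.check("in", ME, "192.0.2.20"),   # inbound packet claiming to be from ME
        f.check("in", ME, "224.0.0.5"),    # inbound multicast from "ME", no state yet
    ]
```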

