[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netbsd-tech-net
Subject:    Anti-Spoofing
From:       Edgar_Fuß <ef () math ! uni-bonn ! de>
Date:       2011-08-31 15:08:59
Message-ID: E90B7F48-7B31-47BE-8E8F-4D39FFA6FCE2 () math ! uni-bonn ! de
[Download RAW message or body]

I was thinking about how to catch spoofed datagrams that pretend to originate from my \
own address.

How does the kernel deal with datagrams arriving on the wire (or on a VLAN) that have \
my own IP as the originating IP?

On the other hand, how often will ipf see a datagram that I send to myself (or to the \
broadcast address)? Woud something like
	pass out on IF from IP to IP keep state
	pass out on IF from IP to BCAST keep state
	block in on IF from IP to any
work?


[prev in list] [next in list] [prev in thread] [next in thread]