IP Spoofing

IP spoofing refers to the creation of IP packets with a forged source IP address.

To hide the identity of the sender or impersonate another network system.
Spoofing IP datagrams is a well-known problem.
Most spoofing is done for illegitimate purposes.

Preventing IP Spoofing at Layer 3

Deny external traffic with:

IP source equal to protected network IP ranges.
IP source is equal to private addresses.
Multicast destinations.

Reverse Path Verification.

Deny traffic where the source IP network is not reachable using the interface where the packet arrived.

Preventing IP Spoofing at Layer 2

To prevent IP spoofing attacks by restricting IP traffic on untrusted Layer 2 ports to clients with an assigned IP address.

Works by filtering IP traffic with a source IP address other than that assigned via Dynamic Host Configuration Protocol (DHCP) or static configuration on the untrusted Layer 2 ports.

Works in combination with the DHCP and is enabled on untrusted Layer 2 ports.

PreviousBest Practices and Recommendations NextHalf-Open TCP Connection Problem

Last updated 1 year ago