Segurança Em Redes De Comunicações

IP Spoofing

IP spoofing refers to the creation of IP packets with a forged source IP address.

  • To hide the identity of the sender or impersonate another network system.

  • Spoofing IP datagrams is a well-known problem.

  • Most spoofing is done for illegitimate purposes.

Preventing IP Spoofing at Layer 3

Deny external traffic with:

  • IP source equal to protected network IP ranges.

  • IP source is equal to private addresses.

  • Multicast destinations.

Reverse Path Verification.

  • Deny traffic where the source IP network is not reachable using the interface where the packet arrived.

Preventing IP Spoofing at Layer 2

To prevent IP spoofing attacks by restricting IP traffic on untrusted Layer 2 ports to clients with an assigned IP address.

Works by filtering IP traffic with a source IP address other than that assigned via Dynamic Host Configuration Protocol (DHCP) or static configuration on the untrusted Layer 2 ports.

Works in combination with the DHCP and is enabled on untrusted Layer 2 ports.

PreviousBest Practices and RecommendationsNextHalf-Open TCP Connection Problem

Last updated