[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Source Address Verification

On Fri, Mar 22, 2002 at 02:11:52PM +0100, Christian Bailleul wrote:
> Can anybody explain me what exactly Source Address Verification does.  I know 
> how to set it up and what the purpose is, but how does it actually work ?

Do you mean "back route verify"? In this case it is a simple check: a packet
with a given ip address can only arrive o a given interface, if the network
which originated that package is listed to be reachable over the interface.
Trivial case:

if you receive a packet from on eth1 (internet) the router will
look in it's routing table and find, that 10.0.0.x is connected to eth0
(LAN). In this case he will not process the packet from since he
can be quite shure, that someone on the internat tries to spoof this packet,
cause he does not sit on the lan. This is automatic ingress filtering and
only works in static route situations.


Reply to: