Linux Kernal Tidbits

-------------------------------------------------

What is IP address spoofing?

IP spoofing is a method adopted by attacker's to send forged source address in their attack traffic.Which means they can send an IP packet with an IP address of their wish.

Most of the time's spoofing is used by an attacker mainly for the following reasons.

To conduct a DDOS attack ,and he does not want the response from the target machine to reach him

To compromise source based authentication

Spoofing can be controlled to a cerain extent by using Reverse Path filtering(not fully although).

What is reverse path filtering?

Reverse path filtering is a mechanism adopted by the Linux kernel, as well as most of the networking devices out there to check whether a receiving packet source address is routable.

So in other words, when a machine with reverse path filtering enabled recieves a packet, the machine will first check whether the source of the recived packet is reachable through the interface it came in.

If it is routable through the interface which it came, then the machine will accept the packet

If it is not routable through the interface, which it came, then the machine will drop that packet.

Latest red hat machine's will give you one more option. This option is kind of liberal in terms of accepting traffic.

If the recieved packet's source address is routable through any of the interfaces on the machine, the machine will accept the packet.

Original

------------------------------------------------------