Dealing with IP Spoofing












1
















Border routers, which are routers that span two or more sub networks,
can be configured to block packets from outside their administrative
domain that have source addresses from inside that domain.




Source: Introduction to computer security(Michael_Goodrich,_Roberto_Tamassia under Network Serucrity chapter 5 (Dealing with ip spoofing))



What does it mean, in layman terms?






routing ip ip-address







share|improve this question









New contributor




Henok Tesfaye is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

























    1
















    Border routers, which are routers that span two or more sub networks,
    can be configured to block packets from outside their administrative
    domain that have source addresses from inside that domain.




    Source: Introduction to computer security(Michael_Goodrich,_Roberto_Tamassia under Network Serucrity chapter 5 (Dealing with ip spoofing))



    What does it mean, in layman terms?






    routing ip ip-address







    share|improve this question









    New contributor




    Henok Tesfaye is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.























      1












      1








      1









      Border routers, which are routers that span two or more sub networks,
      can be configured to block packets from outside their administrative
      domain that have source addresses from inside that domain.




      Source: Introduction to computer security(Michael_Goodrich,_Roberto_Tamassia under Network Serucrity chapter 5 (Dealing with ip spoofing))



      What does it mean, in layman terms?






      routing ip ip-address







      share|improve this question









      New contributor




      Henok Tesfaye is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.













      Border routers, which are routers that span two or more sub networks,
      can be configured to block packets from outside their administrative
      domain that have source addresses from inside that domain.




      Source: Introduction to computer security(Michael_Goodrich,_Roberto_Tamassia under Network Serucrity chapter 5 (Dealing with ip spoofing))



      What does it mean, in layman terms?






      routing ip ip-address




      routing ip ip-address






      share|improve this question









      New contributor




      Henok Tesfaye is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question









      New contributor




      Henok Tesfaye is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question








      edited 3 hours ago









      Ron Maupin

      64.8k1367120




      64.8k1367120






      New contributor




      Henok Tesfaye is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked 3 hours ago









      Henok TesfayeHenok Tesfaye

      1104




      1104




      New contributor




      Henok Tesfaye is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      Henok Tesfaye is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      Henok Tesfaye is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















          1 Answer
          1






          active

          oldest

          votes


















          6














          It means that a packet received from outside the local network could have a source address of the inside network. That would be for a malicious purpose. The router could be configured to check the source address to see if it is received on the correct interface. Receiving a packet with the source address from the inside network on an outside interface would not pass the test.






          share|improve this answer
























          • +1 Clear and concise. On the way to accept it.

            – Henok Tesfaye
            3 hours ago













          • This is a special case of Reverse Path Filtering, no? Reverse Path Filtering means that the router rejects any packet that comes in on an interface where if I wanted to reply to the source address, the packet would not go out via that interface.

            – Jörg W Mittag
            19 mins ago











          • Yes. Cisco has three modes of uRPF. See Understanding Unicast Reverse Path Forwarding.

            – Ron Maupin
            13 mins ago











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "496"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          noCode: true, onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });






          Henok Tesfaye is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f56816%2fdealing-with-ip-spoofing%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          6














          It means that a packet received from outside the local network could have a source address of the inside network. That would be for a malicious purpose. The router could be configured to check the source address to see if it is received on the correct interface. Receiving a packet with the source address from the inside network on an outside interface would not pass the test.






          share|improve this answer
























          • +1 Clear and concise. On the way to accept it.

            – Henok Tesfaye
            3 hours ago













          • This is a special case of Reverse Path Filtering, no? Reverse Path Filtering means that the router rejects any packet that comes in on an interface where if I wanted to reply to the source address, the packet would not go out via that interface.

            – Jörg W Mittag
            19 mins ago











          • Yes. Cisco has three modes of uRPF. See Understanding Unicast Reverse Path Forwarding.

            – Ron Maupin
            13 mins ago
















          6














          It means that a packet received from outside the local network could have a source address of the inside network. That would be for a malicious purpose. The router could be configured to check the source address to see if it is received on the correct interface. Receiving a packet with the source address from the inside network on an outside interface would not pass the test.






          share|improve this answer
























          • +1 Clear and concise. On the way to accept it.

            – Henok Tesfaye
            3 hours ago













          • This is a special case of Reverse Path Filtering, no? Reverse Path Filtering means that the router rejects any packet that comes in on an interface where if I wanted to reply to the source address, the packet would not go out via that interface.

            – Jörg W Mittag
            19 mins ago











          • Yes. Cisco has three modes of uRPF. See Understanding Unicast Reverse Path Forwarding.

            – Ron Maupin
            13 mins ago














          6












          6








          6







          It means that a packet received from outside the local network could have a source address of the inside network. That would be for a malicious purpose. The router could be configured to check the source address to see if it is received on the correct interface. Receiving a packet with the source address from the inside network on an outside interface would not pass the test.






          share|improve this answer













          It means that a packet received from outside the local network could have a source address of the inside network. That would be for a malicious purpose. The router could be configured to check the source address to see if it is received on the correct interface. Receiving a packet with the source address from the inside network on an outside interface would not pass the test.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered 3 hours ago









          Ron MaupinRon Maupin

          64.8k1367120




          64.8k1367120













          • +1 Clear and concise. On the way to accept it.

            – Henok Tesfaye
            3 hours ago













          • This is a special case of Reverse Path Filtering, no? Reverse Path Filtering means that the router rejects any packet that comes in on an interface where if I wanted to reply to the source address, the packet would not go out via that interface.

            – Jörg W Mittag
            19 mins ago











          • Yes. Cisco has three modes of uRPF. See Understanding Unicast Reverse Path Forwarding.

            – Ron Maupin
            13 mins ago



















          • +1 Clear and concise. On the way to accept it.

            – Henok Tesfaye
            3 hours ago













          • This is a special case of Reverse Path Filtering, no? Reverse Path Filtering means that the router rejects any packet that comes in on an interface where if I wanted to reply to the source address, the packet would not go out via that interface.

            – Jörg W Mittag
            19 mins ago











          • Yes. Cisco has three modes of uRPF. See Understanding Unicast Reverse Path Forwarding.

            – Ron Maupin
            13 mins ago

















          +1 Clear and concise. On the way to accept it.

          – Henok Tesfaye
          3 hours ago







          +1 Clear and concise. On the way to accept it.

          – Henok Tesfaye
          3 hours ago















          This is a special case of Reverse Path Filtering, no? Reverse Path Filtering means that the router rejects any packet that comes in on an interface where if I wanted to reply to the source address, the packet would not go out via that interface.

          – Jörg W Mittag
          19 mins ago





          This is a special case of Reverse Path Filtering, no? Reverse Path Filtering means that the router rejects any packet that comes in on an interface where if I wanted to reply to the source address, the packet would not go out via that interface.

          – Jörg W Mittag
          19 mins ago













          Yes. Cisco has three modes of uRPF. See Understanding Unicast Reverse Path Forwarding.

          – Ron Maupin
          13 mins ago





          Yes. Cisco has three modes of uRPF. See Understanding Unicast Reverse Path Forwarding.

          – Ron Maupin
          13 mins ago










          Henok Tesfaye is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          Henok Tesfaye is a new contributor. Be nice, and check out our Code of Conduct.













          Henok Tesfaye is a new contributor. Be nice, and check out our Code of Conduct.












          Henok Tesfaye is a new contributor. Be nice, and check out our Code of Conduct.
















          Thanks for contributing an answer to Network Engineering Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f56816%2fdealing-with-ip-spoofing%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Callistus I

          Image
          Callistus I Res apud Vicidata repertae: Nativitas : unknown value ; Roma Obitus : 223 ; Roma Pontificatus 217–222 Praecessor : Zephyrinus Successor : Urbanus I Sanctus Callistus qui ieiunium instituit; e libro manu scripto Francogallico saeculo XIV Callistus (natus die ignoto; obiit anno 222), fuit episcopus Romae et Papa Ecclesiae Catholicae Romanae ab anno 217. Vita | Secundum adversarium suum, presbyterem, fuit Hippolytus Callistus, servus argentarii Christiani. Papae Zephyrino, Callistus Romae arcessivit. Callistus fuit primus diaconus ac dux catacumbae apud Viam Appiam, quae hodie Sancti Callisti appellatur. Pontificatus | Nexus externi | Vicimedia Communia plura habent quae ad Callistus I spectant. Fontes Latinae de papis usque ad annum 530 (Papa Felix IV) Liber pontificalis Opera Omnia .mw-parser-output .stipula{padding:3px;background:#F7F8FF;border:1px solid grey;margin:auto}.mw-parser-output .stipula td.cell1{bac...
          Read more

          Tabula Rosettana

          Image
          Tabula multilinguis Rosettana in Museo Britannico ostenditur. Tabula Rosettana, [1] etiam titulo OGIS 90 agnita, est stela decreto de rebus sacris in Aegypto anno 196 a.C.n. lato inscripta. Tabula iuxta Rosettam Aegypti, urbem in delta Nili et ad oram maris Mediterranei iacentem, anno 1799 a milite Francico reperta est. Inventio stelae, linguis duabus scripturisque tribus inscriptae, eruditis Instituti Aegypti statim nuntiata est; ibi enim iussu imperatoris Napoleonis eruditi omnium scientiarum (sub aegide Commissionis Scientiarum et Artium) properaverant cum expeditione Francica. Qua a Britannis mox debellata, tabula Rosettana Londinium missa hodie apud Museum Britannicum iacet. Textus Graecus cito lectus interpretationi textuum Aegyptiorum (in formis hieroglyphica et demotica expressorum) gradatim adiuvit. Denique textum plene interpretatus est Ioannes Franciscus Champollion. Ab opere eruditorum cumulativo coepit hodiernus scripturae hieroglyphicae linguaeque Aegyptiae a...
          Read more

          How to label and detect the document text images

          Image
          1 $begingroup$ This is what I mean as document text image: I want to label the texts in image as separate blocks and my model should detect these labels as classes. NOTE: This is how the end result should be like: The labels like Block 1, Block 2, Block 3,.. should be Logo, Title, Date,.. Others, etc. Work done: First approach : I tried to implement this method via Object Detection, it didn't work. It didn't even detect any text. Second approach : Then I tried it using PixelLink. As this model is build for scene text detection, it detected each and every text in the image. But this method can detect multiple lines of text if the threshold values are increased. But I have no idea how do I add labels to the text blocks. PIXEL_CLS_WEIGHT_all_ones = 'PIXEL_CLS_WEIGHT_all_ones' PIXEL_C...
          Read more