2 urpf configuration task sequence – QTECH QSW-8300 Configuration Guide User Manual
+7(495) 797-3311 www.qtech.ru
Moscow, Novozavodskaya St. 18, bldg. 1
address as the destination address which is acquired from the packet. If the found router exit
interface does not match the entrance interface acquired from this packet, the switch will
consider this packet a fake packet and discard it.
In Source Address Spoofing attacks, attackers construct a series of messages with fake
source addresses. For applications based on IP address verification, such attacks may allow
unauthorized users to access the system as an authorized user, or even as the administrator.
Even if the response messages cannot reach the attackers, the attack still damages the targets.
URPF application situation
In the above figure, Router A sends requests to the server Router B by faking messages
whose source address is 2.2.2.1/8. In response, Router B will send the messages to the
real "2.2.2.1/8". Such illegal messages attack both Router B and Router C. Applying
URPF technology in the situation described above can prevent attacks based on Source
Address Spoofing.
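The interface-match check described above (commonly called strict URPF), modelled in Python as an added example; it is not code from the QTECH manual or the switch firmware. The interface names `eth1`/`eth2`, the route table, the attachment of each network to a port of Router B, and the sample packets are all constructed assumptions.

```python
import ipaddress

# Constructed FIB for Router B: (prefix, egress interface).
# Interface names and the port-to-network mapping are assumptions.
FIB = [
    (ipaddress.ip_network("1.0.0.0/8"), "eth1"),  # network of 1.1.1.8/8
    (ipaddress.ip_network("2.0.0.0/8"), "eth2"),  # network of 2.2.2.1/8
]


def lookup(fib, address):
    """Longest-prefix match; returns the egress interface or None."""
    addr = ipaddress.ip_address(address)
    matches = [(net, ifname) for net, ifname in fib if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def urpf_check(fib, src_ip, ingress_if):
    """Route the packet's *source* address as if it were a destination and
    accept the packet only if that route leaves via the ingress interface."""
    egress_if = lookup(fib, src_ip)
    if egress_if is None:
        return "drop: no route to source"
    if egress_if != ingress_if:
        return f"drop: source routed via {egress_if}, arrived on {ingress_if}"
    return "forward"


# Constructed packets as seen by Router B.
PACKETS = [
    {"src": "1.1.1.8", "in_if": "eth1"},  # genuine source on its own port
    {"src": "2.2.2.1", "in_if": "eth1"},  # spoofed 2.2.2.1 arriving on eth1
    {"src": "2.2.2.1", "in_if": "eth2"},  # the real 2.2.2.1
    {"src": "9.9.9.9", "in_if": "eth1"},  # source with no route at all
]


def filter_packets(fib, packets):
    """Return (src, ingress interface, verdict) for every packet."""
    return [(p["src"], p["in_if"], urpf_check(fib, p["src"], p["in_if"]))
            for p in packets]


if __name__ == "__main__":
    for src, in_if, verdict in filter_packets(FIB, PACKETS):
        print(f"{src:<10} in={in_if}  ->  {verdict}")
```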
16.4.2 URPF Configuration Task Sequence
1. Enable URPF
2. Display and debug URPF relevant information

1. Globally enable URPF

| Command | Explanation |
| --- | --- |
| Global mode | |
| urpf enable | Globally enable and disable URPF. |
| no urpf enable | |

2. Display and debug URPF relevant information

| Command | Explanation |
| --- | --- |
| Admin and Config Mode | |
| show urpf | Display which interfaces have the URPF function enabled. |
[Figure: URPF application situation. Labels: Router A, Router B, Router C; addresses 1.1.1.8/8 and 2.2.2.1/8; Source IP: 2.2.2.1/8]