2 URPF configuration task sequence – QTECH QSW-8300 Configuration Guide User Manual


+7(495) 797-3311 www.qtech.ru

Moscow, Novozavodskaya St., 18, bldg. 1


address as the destination address which is acquired from the packet. If the found router exit interface does not match the entrance interface acquired from this packet, the switch will consider this packet a fake packet and discard it.

In source address spoofing attacks, attackers construct a series of messages with fake source addresses. For applications based on IP address verification, such attacks may allow unauthorized users to access the system as authorized users, or even as the administrator. Even if the response messages cannot reach the attackers, the attacks still damage the targets.

URPF application situation

In the figure, Router A sends requests to the server, Router B, using forged messages whose source address is 2.2.2.1/8. In response, Router B sends its messages to the real "2.2.2.1/8". Such illegitimate messages attack both Router B and Router C. Applying URPF in the situation described above prevents attacks based on source address spoofing.
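The lookup-and-compare rule described above, applied to this scenario from Router B's side, as an added example that is not part of the QTECH manual. The interface names, the routing table, the 9.9.9.9 packet and the assumption that 1.1.1.8 is Router A's own address are constructed for illustration.

```python
import ipaddress

# Constructed routing table for Router B (interface names are hypothetical).
FIB = [
    (ipaddress.ip_network("1.0.0.0/8"), "if-to-A"),
    (ipaddress.ip_network("2.0.0.0/8"), "if-to-C"),
]

def reverse_lookup(src, fib=FIB):
    """Longest-prefix match on the SOURCE address, as if it were a destination.
    Returns the exit interface, or None when no route covers the address."""
    addr = ipaddress.ip_address(src)
    matches = [(net, ifname) for net, ifname in fib if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def urpf_check(src, ingress_if, fib=FIB):
    """Return (verdict, reason) for a packet with source `src` on `ingress_if`."""
    exit_if = reverse_lookup(src, fib)
    if exit_if is None:
        return "drop", "no route back to source"
    if exit_if != ingress_if:
        return "drop", f"route to source exits {exit_if}, packet entered {ingress_if}"
    return "forward", "exit interface matches ingress interface"

# Constructed packets: (source address, interface the packet arrived on).
PACKETS = [
    ("1.1.1.8", "if-to-A"),  # assumed: Router A using its own address
    ("2.2.2.1", "if-to-A"),  # the page's case: forged source 2.2.2.1
    ("2.2.2.1", "if-to-C"),  # the real 2.2.2.1
    ("9.9.9.9", "if-to-A"),  # source that no route covers
]

def run(packets=PACKETS):
    return [(src, ifname) + urpf_check(src, ifname) for src, ifname in packets]

if __name__ == "__main__":
    for src, ifname, verdict, reason in run():
        print(f"{src:<10} in={ifname:<8} {verdict:<8} {reason}")
```

Because the verdict depends only on the routing table, a legitimate packet is also discarded whenever the best route back to its source leaves through a different interface than the one it arrived on.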

16.4.2 URPF Configuration Task Sequence

1. Enable URPF
2. Display and debug URPF relevant information

1. Globally enable URPF

| Command | Explanation |
| --- | --- |
| Global mode | |
| urpf enable | Globally enable URPF. |
| no urpf enable | Globally disable URPF. |

2. Display and debug URPF relevant information

| Command | Explanation |
| --- | --- |
| Admin and Config Mode | |
| show urpf | Display which interfaces have been enabled with URPF function. |

[Figure: URPF application situation. Shows Router A, Router B and Router C, with the labels 1.1.1.8/8, 2.2.2.1/8 and Source IP 2.2.2.1/8.]