15 urpf configuration, Urpf overview, What is urpf – H3C Technologies H3C S7500E Series Switches User Manual
Page 263: How urpf works, Urpf configuration
15-1
15
URPF Configuration
When configuring URPF, go to these sections for information you are interested in:
z
z
The term “router” in this document refers to a router in a generic sense or a Layer 3 switch.
URPF Overview
What is URPF
Unicast Reverse Path Forwarding (URPF) protects a network against source address spoofing
attacks.
Attackers launch attacks by creating a series of packets with forged source addresses. For
applications using IP-address-based authentication, this type of attacks allows unauthorized users to
access the system in the name of authorized users, or even access the system as the administrator.
Even if the attackers cannot receive any response packets, the attacks are still disruptive to the
attacked target.
Figure 15-1 Attack based on source address spoofing
As shown in
, Router A originates a request to the server (Router B) by sending a packet
with a forged source IP address of 2.2.2.1/8, and Router B sends a packet to Router C at 2.2.2.1/8 in
response to the request. Consequently, both Router B and Router C are attacked.
URPF can prevent source address spoofing attacks.
How URPF Works
URPF provides two check modes: strict and loose. In addition, it supports ACL check, link layer check,
and default route check.
URPF works as follows: