First page Back Continue Last page Summary Graphics

Source Address Spoofing


There are several major classes of source addresses you should deny on your external interface in all cases. These are incoming packets claiming to be from the following:
Your IP address
Your LAN addresses
Class A, B, and C private IP addresses
Class D multicast IP addresses
Class E reserved IP addresses: Loopback interface addresses
Malformed broadcast addresses
Class A network 0 addresses
Link local network addresses: DHCP clients sometimes assign themselves a link local address when they can’t get an address from a server. These addresses range from to
TEST-NET addresses: The address space from to is reserved for test networks.