RFC 4891: Using IPsec to Secure IPv6-in-IPv4 Tunnel...
RFC-Ref

Source Address



... 1. The IPv4 source address of the encapsulating ("outer") packet can be spoofed. ...
... 2. The IPv6 source address of the encapsulated ("inner") packet can be spoofed. ...
... decapsulator verifies that the IPv4 source address of the packet is the same as the address of the configured tunnel ...
... SA is bound to the IPv4 source address. This prevents threat (1) but not threat (2). IPsec ...


... The hosts in the site originate the packets with IPv6 source addresses coming from a well-known prefix, whereas the destination addresses ...
... router at Site B, and Router A could verify that the source address of the packet matches the prefix. Site B will not be able to do a similar verification ...
... Address verification prevents IPv6 source address spoofing completely. ...


... RFC3884]. This mainly affects scenario (1). 3. Source address selection depends on the notions of routes and interfaces. This implies that the reachability ...
... interfaces (rather than configured in SPDs) for proper source address selection. If the IPsec tunnel mode ...


... applied to a tunnel interface. Source address spoofing can be limited by enabling ingress filtering ...


... tunnel by spoofing the source address (data plane security), or if the tunnel is signaled ...


