Score:0

Is ingress filtering described in RFC 2827 implemented in most routers? What does such an implementation look like?


RFC 2827 describes the idea of ingress filtering that is meant to deal with DoS attacks that utilize IP spoofing:

> An input traffic filter on the ingress (input) link of "router 2", which provides connectivity to the attacker's network, restricts traffic to allow only traffic originating from source addresses within the 204.69.207.0/24 prefix, and prohibits an attacker from using "invalid" source addresses which reside outside of this prefix range.

Is such filtering implemented in every router that firmware such as openWRT supports? Would anybody be so kind as to provide me with a relevant snippet of code that provides for such filtering? Was there ever a documented case of an attack that utilized IP spoofing along with a tweak in the firmware of the attacker's router that allowed for the lack of said filtering?

Ron Maupin

That RFC is a "Best Current Practice", not a "Standards Track" RFC. It is not a requirement in _[RFC 1812, Requirements for IP Version 4 Routers](https://www.rfc-editor.org/rfc/rfc1812.html)_.
Score:2

> Is such filtering implemented in every router that firmware such as openWRT supports?

Not every router supports ACLs. Many do, and to filter by source address a simple ACL is enough. You don't have to support stateful filtering, so it's cheap to implement. But there's no inherent requirement in IP that routers support filtering.

As dropping traffic is commonly the default policy for a firewall, this can be achieved simply with a permit rule matching the desired source addresses. Traffic not matching that rule will be dropped by the default policy, if that policy is drop.
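
The permit-then-default-drop approach described in this answer, written as an nftables ruleset for a Linux-based router (an added example, not part of the original answer and not OpenWrt's own firewall configuration). The interface name `eth1` and the table and chain names are assumptions; the prefix is the one from the RFC 2827 text quoted in the question.

```nft
#!/usr/sbin/nft -f
# Added example: stateless source-address (ingress) filter in the style of RFC 2827.
# Assumptions (not from the page): "eth1" is the link facing the downstream
# network; the table name "bcp38" and chain name "from_customer" are made up.

table inet bcp38 {
    # Evaluated only for packets that arrived on the downstream link.
    chain from_customer {
        # Permit: source address lies inside the prefix assigned to that link.
        ip saddr 204.69.207.0/24 accept

        # Everything else on this link falls through to the drop below.
        # The log line is rate-limited so a flood of spoofed packets
        # cannot turn into a flood of log writes.
        limit rate 5/minute log prefix "bcp38-spoof: "
        counter drop

        # Edge case: in an inet table "ip saddr" matches IPv4 only, so IPv6
        # from this link is dropped as well. Add an "ip6 saddr <prefix> accept"
        # rule above the drop if the downstream network has an IPv6 prefix.
    }

    chain forward {
        # Policy stays "accept" so traffic from other interfaces is untouched;
        # the default drop applies only inside from_customer.
        type filter hook forward priority filter; policy accept;
        iifname "eth1" jump from_customer
    }
}
```

An `accept` here only ends evaluation in this table; any other firewall table hooked into forwarding still sees the packet, so the ruleset can only tighten an existing policy. The `counter` on the drop rule shows how many packets with out-of-prefix sources were discarded (`nft list table inet bcp38`).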
