DES-7200 Configuration Guide Chapter 6 URPF Configuration
6 URPF Configuration
6.1 Introduction to URPF
6.1.1 Overview
In recent years, frequent DoS (Denial of Service) attacks that use forged source addresses have
caused many problems for ISPs and network maintenance.
Fig. 1 shows a common scenario in which a forged source address is used to perform a DoS attack:
Fig. 1 Scenario of source address based attacks
The attacker initiates the attack by sending messages whose forged source address, 11.0.0.1, is
a real address. This makes the server send excessive SYN/ACK messages to a host unrelated to
the attack, so the host that actually owns the source address is also affected. What's worse, if
the network administrator identifies this address as related to the attack on the network and
discards all data streams from this source address, a denial of service to that source address is
thereby incurred.
URPF (Unicast Reverse Path Forwarding) addresses the above problem.
It is known that during message forwarding, the forwarding table is looked up according to the
destination address contained in the IP message received, and the message is forwarded