Preventing IP Spoofing and Optimizing Network Performance: The Power of Reverse Path Filtering and Split Access Routing.

Inosha Priyashantha
Apr 21, 2023

Reverse Path Filtering (RPF) and Split Access Routing are two different networking techniques that serve different purposes.

RPF is a technique for preventing IP address spoofing: the receiving device looks up the packet's source IP address in its routing table and checks that the route back to that source leaves through the interface on which the packet arrived. If the source address is not reachable through that interface, the packet is treated as spoofed and dropped.

Split Access Routing, on the other hand, routes traffic to different gateways based on the destination IP address or other criteria. It allows a network to be segmented into multiple subnets, each with its own gateway, while still letting devices in different subnets communicate with each other. It is useful for optimizing network performance and for load balancing.

While RPF and Split Access Routing are different techniques, they can be combined in some scenarios. For example, in a network that uses split access routing, RPF can prevent spoofed packets from being forwarded between subnets. Using both together, a server applies its source-based routing only to packets that genuinely originate from legitimate sources, preventing spoofing attacks that could otherwise bypass the split access routing.
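To make that interaction concrete, here is a small Python model of the rp_filter decision. It is an added example for this article, not the author's code or the kernel's; it assumes the two-NIC layout configured further down (172.16.1.233 on eth1, 192.168.1.20 on eth2, tables Teth1/Teth2) and a constructed outside address 10.0.0.5. As the kernel does, the reverse lookup matches the `ip rule from` entries against the packet's destination (the local address) before looking up the source.

```python
import ipaddress

# Constructed model of the two-NIC host configured later on the page:
# 172.16.1.233 on eth1, 192.168.1.20 on eth2, main table defaulting via eth1.
TABLES = {
    "main":  [("172.16.1.0/24", "eth1"), ("192.168.1.0/24", "eth2"), ("0.0.0.0/0", "eth1")],
    "Teth1": [("172.16.1.0/24", "eth1"), ("0.0.0.0/0", "eth1")],
    "Teth2": [("192.168.1.0/24", "eth2"), ("0.0.0.0/0", "eth2")],
}
# The `ip rule add from <addr> table <T>` entries; "main" is the implicit final rule.
RULES = [("172.16.1.233", "Teth1"), ("192.168.1.20", "Teth2")]


def select_table(flow_src, rules=RULES):
    for prefix, table in rules:
        if ipaddress.ip_address(flow_src) in ipaddress.ip_network(prefix):
            return table
    return "main"


def best_dev(addr, table):
    """Longest-prefix match in one table; None if the address has no route."""
    ip = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(net).prefixlen, dev)
            for net, dev in table if ip in ipaddress.ip_network(net)]
    return max(hits)[1] if hits else None


def rpf_check(src, dst, in_dev, mode, tables=TABLES, rules=RULES):
    """True when rp_filter=<mode> would accept a packet src->dst arriving on in_dev.
    The reverse lookup asks "which interface would carry a reply from dst to src?",
    so the policy rules are matched against dst, the local address.
    mode 0: no validation; 1: strict (reply must leave via in_dev);
    2: loose (src only has to be reachable via some route)."""
    if mode == 0:
        return True
    dev = best_dev(src, tables[select_table(dst, rules)])
    if dev is None:
        return False
    return True if mode == 2 else dev == in_dev


if __name__ == "__main__":
    # A reply to 10.0.0.5 from 192.168.1.20 leaves via eth2 only because of Teth2;
    # with the main table alone it would leave via eth1 and strict RPF would drop it.
    print(rpf_check("10.0.0.5", "192.168.1.20", "eth2", 1))   # True
    print(rpf_check("10.0.0.5", "192.168.1.20", "eth1", 1))   # False: asymmetric path
    print(rpf_check("10.0.0.5", "192.168.1.20", "eth1", 2))   # True: loose mode
    # Teth1 carries no 192.168.1.0/24 route, so a 192.168.1.x source arriving on eth1
    # falls to Teth1's default via eth1 and passes; add the other NIC's connected
    # route to each table if strict RPF should catch that case.
    print(rpf_check("192.168.1.77", "172.16.1.233", "eth1", 1))  # True
```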

Is reverse path filtering (rp_filter) enabled in Linux?

cat /proc/sys/net/ipv4/conf/default/rp_filter

OR

grep . /proc/sys/net/ipv4/conf/*/rp_filter | egrep "default|all"   # grep prints the file name with each value, so the filter on "default|all" matches

The value printed indicates whether it is enabled: 0 means no source validation, 1 means the kernel validates the source address by confirming the reverse path (strict mode). The kernel also accepts 2, loose mode, which only requires that the source address be reachable through some interface.

Are packets being dropped by rp_filter?

netstat -s | grep Filter

rp_filter logs

sysctl -w net.ipv4.conf.all.log_martians=1
OR
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians

tail -f /var/log/messages | grep -B1 martian
OR
tail -f /var/log/syslog | grep -B1 martian

Enabling rp_filter

vim /etc/sysctl.conf

net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1

sysctl -p  # apply the config

Setting up split access routing for two (or more) subnets / multiple NICs

Create two routing tables:

vim /etc/iproute2/rt_tables

252 Teth1
251 Teth2

Next, add the routes and rules:

ip route add 172.16.1.0/24 dev eth1 src 172.16.1.233 table Teth1
ip route add default via 172.16.1.1 dev eth1 src 172.16.1.233 table Teth1
ip rule add from 172.16.1.233 table Teth1

ip route add 192.168.1.0/24 dev eth2 src 192.168.1.20 table Teth2
ip route add default via 192.168.1.1 dev eth2 src 192.168.1.20 table Teth2
ip rule add from 192.168.1.20 table Teth2

ip route flush cache  # clear the routing cache so it is rebuilt with the new routes

Each `ip rule add from ...` entry sends traffic sourced from that NIC's own address through its table, so replies leave via the gateway of the subnet they belong to. On kernels from 3.6 onwards the routing cache no longer exists and the flush is a harmless no-op.
