Monday, March 12, 2012

VPN Ingress filtering

Ingress filtering. A common denial-of-service attack involves an attacker sending a large number of IP packets to a victim with an IP source address that is outside the attacker's subnet. Ingress filtering is a technique that filters and drops such packets at the router that connects the attacker to the Internet [8]. Because packets received from the VPN client at the IPSS are expected to carry source addresses from the enterprise subnet, any packet whose source IP address falls outside this subnet can be dropped. This ingress filtering is possible because the encapsulated (inner) IP header is visible at the IPSS.
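The check described above, as an added example that is not code from the original post: it parses the decapsulated (inner) IPv4 header the IPSS sees and drops any packet whose source lies outside the enterprise subnet. The subnet value and the sample headers are constructed for illustration.

```python
import ipaddress
import struct

# Address range the enterprise assigns to VPN clients (constructed example
# value, not taken from the original post).
ENTERPRISE_SUBNET = ipaddress.ip_network("10.20.0.0/16")


def inner_source_address(inner_packet: bytes) -> ipaddress.IPv4Address:
    """Parse the source address from a decapsulated (inner) IPv4 header.

    The IPSS sees this header once the tunnel encapsulation is removed,
    which is what makes filtering on the inner source possible.
    """
    if len(inner_packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = inner_packet[0] >> 4, inner_packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(inner_packet) < ihl * 4:
        raise ValueError("not a well-formed IPv4 header")
    # Source address occupies bytes 12..15 of the fixed header.
    return ipaddress.IPv4Address(inner_packet[12:16])


def ingress_filter(inner_packet: bytes, subnet=ENTERPRISE_SUBNET) -> bool:
    """Return True to forward the packet, False to drop it.

    Packets whose inner source lies outside the enterprise subnet are
    dropped, as are packets whose inner header cannot be parsed.
    """
    try:
        return inner_source_address(inner_packet) in subnet
    except ValueError:
        return False


def build_ipv4_header(src: str, dst: str, proto: int = 17) -> bytes:
    """Build a minimal 20-byte IPv4 header (constructed sample input)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20,        # version 4 / IHL 5, DSCP+ECN, total length
        0, 0,               # identification, flags + fragment offset
        64, proto, 0,       # TTL, protocol, checksum (zero in the sample)
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
```

A real deployment would apply this decision per VPN client (each client's assigned address, not just the whole subnet), which tightens the filter further.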

