pini_kr
Guest
IP TTL spoofed packet block in hardware
I read recently that some Linux kernels have the ability to block spoofed
packets. Some hackers attack servers by sending many packets. They also put
some fake data in the offending packets. The arrival of multiple packets
with a well known source IP, in the spoofed packet, causes many interrupts
in the server. This, in the best case, results in degraded performance.
Some kernels try to counter attack with an IP TTL block spoofed filter. I
have decided to build such a filter in hardware. It would try to do the job
in hardware, therefore offloading this job from the kernel. The idea is to
have two main states in the hardware machine, per each incoming IP, namely
learning and check. In the former the hardware machine will build a table,
per each incoming source IP, where it will average the TTL values of the
packet. Once a programmable number of TTL values, for a given packet, have
been studied, the hardware machine switches to check mode. During check
mode, if a packet arrives and its TTL is outside an allowable range, a
block packet indication is set. Such an implementation requires memory.
With the way the design is implemented any memory smaller than 32 bit
addressable, for IPv4, can be used.
Is a block spoof IP filter in hardware required? Please let me know what
you think.
---------------------------------------
Posted through http://www.FPGARelated.com
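
A behavioural C model of the learning/check filter described in the post, added here as an example and not the poster's design. The table size, XOR-fold index, sample count, tolerance and the relearn-on-collision policy are all assumptions, and the sample address and TTLs are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed parameters; the post names none of these values. */
#define INDEX_BITS  10u  /* table of 1024 entries instead of 2^32 */
#define TABLE_SIZE  (1u << INDEX_BITS)
#define LEARN_COUNT 8u   /* "programmable number" of TTL samples */
#define TTL_RANGE   2u   /* allowable deviation from the learned average */

typedef struct {
    uint32_t src_ip;   /* tag: source address that owns this entry */
    uint16_t ttl_sum;  /* sum of TTLs seen while learning */
    uint8_t  samples;  /* number of TTLs accumulated */
    uint8_t  avg_ttl;  /* valid only in check state */
    uint8_t  checking; /* 0 = learning, 1 = check */
} ttl_entry;

static ttl_entry ttl_table[TABLE_SIZE];

void ttl_filter_reset(void) { memset(ttl_table, 0, sizeof ttl_table); }

/* XOR-fold the 32-bit address down to INDEX_BITS (hardware: an XOR tree). */
static uint32_t ip_index(uint32_t ip) {
    return (ip ^ (ip >> 10) ^ (ip >> 20) ^ (ip >> 30)) & (TABLE_SIZE - 1u);
}

/* Returns 1 when the block indication is set for this packet, else 0. */
int ttl_filter_packet(uint32_t src_ip, uint8_t ttl) {
    ttl_entry *e = &ttl_table[ip_index(src_ip)];
    if (e->src_ip != src_ip) {      /* new source or index collision: relearn */
        memset(e, 0, sizeof *e);
        e->src_ip = src_ip;
    }
    if (!e->checking) {             /* learning state: accumulate, never block */
        e->ttl_sum = (uint16_t)(e->ttl_sum + ttl);
        if (++e->samples == LEARN_COUNT) {
            e->avg_ttl = (uint8_t)(e->ttl_sum / LEARN_COUNT);
            e->checking = 1;
        }
        return 0;
    }
    int diff = (int)ttl - (int)e->avg_ttl;   /* check state */
    return (diff < 0 ? -diff : diff) > (int)TTL_RANGE;
}

int main(void) {                    /* constructed sample: 192.0.2.1, TTL 57 */
    for (int i = 0; i < 8; i++) ttl_filter_packet(0xC0000201u, 57);
    printf("ttl 58: %d, ttl 120: %d\n", ttl_filter_packet(0xC0000201u, 58), ttl_filter_packet(0xC0000201u, 120));
}
```

Because the table is indexed by fewer than 32 bits, two sources can share an entry; this model stores the full address as a tag and restarts learning on a mismatch, so a packet is never checked against another source's average.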