< Home

Verifying the Source IPv4 Address

Source IP address verification helps defend against attacks, such as IP spoofing.

Context

IP spoofing enables an attacker changes its own IP address into that of an intranet user or a trusted external user to obtain information without authorization.

Source IP address verification: After receiving an IP packet, an interface verifies the source IP address of the packet. If the source IP address does not belong to the network segment on which the interface resides, the packet is discarded; otherwise, the packet is allowed to pass. Source IP address verification helps defend against IP spoofing attacks.

Procedure

  1. Access the system view. 

    system-view

  2. Access the interface view. 

    interface interface-type interface-number

  3. Enable source IP address verification on the interface. 

    ip verify source-address

    By default, the function is disabled on all interfaces.

    If the source IP address of a received packet contains a 31-bit mask, a node considers an IP address with a 31-bit mask valid, without checking the source IP address.

Parent Topic: Improving IPv4 Performance
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >