URPF Overview
On the current Internet, many network attacks use packets with a false (spoofed) source IP address. On one hand, this keeps the attacker's own IP address from being tracked; on the other hand, in attacks such as Land and Smurf, the source IP address of the packet is the IP address of the attack target. To limit the damage caused by false-source-address attacks and to track the attack source, RFC 2827 and RFC 3704 propose filtering traffic with false source IP addresses on the ISP or edge network access device, suppressing the attack at the point where the attack packets are generated.
The main function of URPF (Unicast Reverse Path Forwarding) is to prevent network attacks based on source address spoofing. During packet forwarding, the device looks up the source address of the packet in the route table (a reverse lookup) and decides whether to permit the packet according to the result of that lookup. This prevents IP address spoofing and is especially effective against DoS (Denial of Service) attacks that use false source addresses. The URPF check has two modes: strict and loose.
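The reverse lookup and the two modes, as an added Python sketch that is not part of the original page or any vendor's implementation. The strict and loose semantics follow RFC 3704, since the page only names the modes; the route table, interface names, and the `allow_default` switch are constructed for illustration.

```python
import ipaddress

# Constructed route table (FIB): prefix -> outgoing interface. Documentation prefixes only.
FIB = {
    "0.0.0.0/0": "uplink0",        # default route toward the upstream provider
    "192.0.2.0/24": "cust1",       # customer A
    "198.51.100.0/24": "cust2",    # customer B, primary link
    "198.51.100.128/25": "cust3",  # customer B, more-specific route via a second link
}
ROUTES = [(ipaddress.ip_network(p), ifc) for p, ifc in FIB.items()]


def reverse_lookup(src, allow_default):
    """Longest-prefix match on the packet's SOURCE address; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for net, ifc in ROUTES:
        if net.prefixlen == 0 and not allow_default:
            continue  # hypothetical knob: do not let the default route satisfy the check
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifc)
    return best


def urpf_permit(src, in_ifc, mode="strict", allow_default=False):
    """Return True if the packet passes the URPF check.

    strict: the best route back to src must point out the arrival interface.
    loose:  any route to src is enough; the arrival interface is ignored.
    """
    route = reverse_lookup(src, allow_default)
    if route is None:
        return False  # no route back to the claimed source: drop in both modes
    if mode == "loose":
        return True
    if mode == "strict":
        return route[1] == in_ifc
    raise ValueError(f"unknown URPF mode: {mode}")


if __name__ == "__main__":
    # Constructed packets: (claimed source address, arrival interface)
    for src, ifc in [("192.0.2.10", "cust1"), ("198.51.100.7", "cust1"),
                     ("203.0.113.5", "cust1"), ("198.51.100.200", "cust2")]:
        print(src, ifc, "strict:", urpf_permit(src, ifc),
              "loose:", urpf_permit(src, ifc, "loose"))
```

The `198.51.100.200` case shows why strict mode needs symmetric routing: a legitimate packet arriving on `cust2` is dropped because the best route back points to `cust3`, while loose mode accepts it along with the spoofed `198.51.100.7` packet.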
Network attacks already pose a serious threat to network security. URPF filters attack packets with false source IP addresses on the ISP or edge access device, limiting the damage these packets cause. It is one effective method of preventing network attacks.