This test checks that customers cannot send packets with a spoofed IPv4 or MAC source address. To prevent such spoofing, when a packet is received on the access port, it must be verified that the source IPv4 and MAC addresses are both correct; if they are not, the packet must be dropped.
Note: To make sure that an assigned IP address is correct, the switch typically learns what IP address has been assigned to which switch port by intercepting DHCP signaling between the customer host and the DHCP server (called DHCP snooping).
The IP/MAC source spoofing test is applicable to Layer 3 networks, as the customer Test Agent sends an IP address in an ARP request to get the MAC address of the default gateway, a procedure which resembles the behavior of a normal user.
Impact: DoS, Abuse
- Malicious sends a packet with genuine MAC and IP.
- Malicious sends a packet with Customer's MAC and IP.
- Malicious sends a packet with random MAC and IP.
- Malicious sends a packet with random MAC and genuine IP.
- A packet with a non-genuine IPv4 or MAC address arrives at ISP or Customer.
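The source check described above can be modelled as a per-port binding table filled by DHCP snooping and evaluated against the four packets in the list. This is an added example, not code from the product or the certification suite; the class and function names, port labels and addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str

class AccessSwitch:
    """Toy model (hypothetical) of per-port source validation fed by DHCP snooping."""

    def __init__(self):
        self.bindings = {}  # access port -> Binding learned from DHCP signaling

    def snoop_dhcp_ack(self, port, client_mac, assigned_ip):
        # Record which IPv4 address the DHCP server assigned to the host on this port.
        self.bindings[port] = Binding(client_mac.lower(), assigned_ip)

    def permit(self, port, src_mac, src_ip):
        # Forward only if BOTH source MAC and source IPv4 match the binding
        # of the ingress port. A port with no binding forwards nothing.
        binding = self.bindings.get(port)
        return binding is not None and binding == Binding(src_mac.lower(), src_ip)

def run_cases():
    sw = AccessSwitch()
    # Constructed sample values (documentation address ranges), not from the page.
    sw.snoop_dhcp_ack("port1", "02:00:00:00:00:0a", "192.0.2.10")  # Malicious
    sw.snoop_dhcp_ack("port2", "02:00:00:00:00:0b", "192.0.2.11")  # Customer
    cases = {
        "genuine MAC and IP": ("02:00:00:00:00:0a", "192.0.2.10"),
        "Customer's MAC and IP": ("02:00:00:00:00:0b", "192.0.2.11"),
        "random MAC and IP": ("02:de:ad:be:ef:01", "198.51.100.77"),
        "random MAC and genuine IP": ("02:de:ad:be:ef:02", "192.0.2.10"),
    }
    # Every packet arrives on the Malicious Customer's own access port.
    return {name: sw.permit("port1", mac, ip) for name, (mac, ip) in cases.items()}

if __name__ == "__main__":
    for name, forwarded in run_cases().items():
        print(f"{name:28s} -> {'forward' if forwarded else 'drop'}")
```

The last case is the one a check on the IPv4 address alone would miss: the address is valid for the port, but the MAC is not the one in the binding.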
This test conforms to SEC Access Certification ID "SEC-V4-SPOOF-1".
- Malicious Customer: A customer interface performing malicious actions.
- Customer: One or more customers that the Malicious Customer will affect.
- ISP: A central node on a trusted port.
- Source UDP port: Source UDP port for traffic sent from Malicious to ISP or Customer. Range: 1 ... 65535. Default: 41234.
- Destination UDP port: Destination UDP port for traffic sent from Malicious to ISP or Customer. Range: 1 ... 65535. Default: 24567.