User's Guide
IP Filtering
8000-A2-GB21-10
June 1997
In the following illustration, ES2 spoofs ES1’s IP address (that is, ES2 assumes
ES1’s IP address of 155.1.3.4):
[Figure: ISP1 (155.1.2.2); Router (155.1.2.1, 155.1.3.1); DSL Card (155.1.3.2) with ports s1c and s1d; RTU 1 (135.1.3.3) and ES1 (155.1.3.4); RTU 2 (135.1.3.5) and ES2, which is spoofing ES1's address (155.1.3.4).]

DSL Routing Table

     Host/Net/Subnet   Subnet Mask       Next-Hop Address   S/D (Source/Destination)
1)   155.1.3.4         255.255.255.255   155.1.3.1          src (source)
2)   155.1.3.4         255.255.255.255   135.1.3.3          dst (destination)
3)   155.1.3.6         255.255.255.255   155.1.3.1          src (source)
4)   155.1.3.6         255.255.255.255   135.1.3.5          dst (destination)

With no input filtering on the DSL ports, ES2 can successfully send traffic to the
ISP identifying itself as ES1 (155.1.3.4).
Now, consider that the following filter rules are applied to s1d:

IP Address   Subnet Mask       Source/Destination   Action
155.1.3.6    255.255.255.255   Source               Forward
Default      —                 —                    Discard

With these filter rules active on s1d, when ES2 tries to send packets to ISP1, the
filter on the DSL card blocks the packets from being forwarded, because only
packets with a source IP address of 155.1.3.6 are forwarded.
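
The filter decision described above, modeled in Python as an added example (it is not code from this guide or from the DSL card). The Rule class, first-match evaluation, the packet dictionaries and the wider 255.255.255.0 rule are assumptions made for illustration; the last case goes beyond the page to show why the rule uses a host mask.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    address: str  # Host/Net/Subnet column
    mask: str     # Subnet Mask column
    field: str    # "src" or "dst": which packet address the rule tests
    action: str   # "forward" or "discard"

    def matches(self, packet):
        net = ipaddress.ip_network(f"{self.address}/{self.mask}", strict=False)
        return ipaddress.ip_address(packet[self.field]) in net

def apply_input_filter(rules, packet, default):
    """Return the action of the first matching rule, else the default action.
    First-match ordering is an assumption; the page shows only one rule."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

# Filter from the page, applied to port s1d (ES2's own address is 155.1.3.6).
S1D_HOST_RULE = [Rule("155.1.3.6", "255.255.255.255", "src", "forward")]
# Constructed weaker variant: the whole subnet is accepted as a source.
S1D_SUBNET_RULE = [Rule("155.1.3.0", "255.255.255.0", "src", "forward")]

# Constructed packets arriving on s1d from ES2, addressed to ISP1 (155.1.2.2).
SPOOFED = {"src": "155.1.3.4", "dst": "155.1.2.2"}  # ES2 claiming to be ES1
HONEST = {"src": "155.1.3.6", "dst": "155.1.2.2"}   # ES2 using its own address

def verdicts():
    """Evaluate each case; an empty rule list with default forward = no filter."""
    return {
        "no filter, spoofed": apply_input_filter([], SPOOFED, "forward"),
        "host rule, spoofed": apply_input_filter(S1D_HOST_RULE, SPOOFED, "discard"),
        "host rule, honest": apply_input_filter(S1D_HOST_RULE, HONEST, "discard"),
        "subnet rule, spoofed": apply_input_filter(S1D_SUBNET_RULE, SPOOFED, "discard"),
    }

if __name__ == "__main__":
    for case, action in verdicts().items():
        print(f"{case:22} -> {action}")
```

Only the host-mask rule with a default of Discard stops the spoofed source; a subnet-wide source rule on s1d would forward it.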