RPF Is The Primary Mechanism Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

RPF is the primary mechanism to determine whether to drop or forward an incoming multicast packet. The packet is forwarded only if the check is successful, otherwise it is dropped.

For N/w traffic streaming down source tree, the RPF check mechanism work as follows:

The router examines the source address of the approaching multicast packet to decide whether the packet is reached through an interface that is on the reverse path back to the source.

If the packet reaches on the interface resulting back to the source, the RPF check is successful and the packet is sent forward.

If the RPF check fails the packet is dropped.

A multicast router determines which interface is on reverse path back to the source depending on the routing protocol that in use. In some case, the multicasting routing protocol maintains separate table & use it for RPF check.

For ex: Distance vector routing protocol (DVMRP).

Multicast route table

Network Interface S1 S0 E0

S2 S0

Packet arrived on wrong interface



Fig: RPF check fails

Preventing Spoofing using RPF

Most common attack seen on TCP/IP networks is IP spoofing. This attack is basically used for Denial-of-Service, Identity hiding, or to bypass firewalls and also to Access-Lists security rules. There are various techniques present to avoid IP spoofing. These techniques include ingress filtering, RPF, packets Authentication method etc.

Preventing IP spoofing using RPF:

RPF is the primary mechanism to determine whether to sent or drop an incoming multicast packet. This information used in conducting this checks varies depending on which of the following three RPF techniques:

Strict RPF

Loose RPF

Feasible RPF

Strict RPF: The router in the internet can receive multiple paths to each n/w prefix; it must select an optimal route for each destination prefix. It stores the selected route in its forwarding information base (FIB) for quick retrieval. A router employs strict RPF looks up the outgoing interface for the source address of the incoming datagram in the FIB & check it against the interface is arrived on. If they differ, the router considers the packet to be spoofed & drops it.

Loose RPF: loose RPF avoids the unwanted discarding of possibly valid packets by strict RPF. It was ignore the knowledge about the interface the packet arrived on& accepts packets upon finding the existence of a route in the FIB for the source IP address contained in the datagram.

Feasible RPF: Instead of consulting the FIB, strict RPF & loose RPF, it consults route information table of BGP. This contains the optimal routes for each prefix. Feasible RPF uses RIB to perform a test similar to the test performed by strict RPF on the FIB.

2) Network layer security threats associated with Mobile IP

The following are few network layer security threats associated with Mobile IP

denial-of-service attack

passive eavesdropping

session-stealing attack

replay attack

Denial-of-service attack

A denial-of-service (DOS) attack is an attack intentionally designed to disrupt the normal functioning of a system by destroying, modifying data, or by exhausting the system’s servers. The victim is then deprived of services such as e-mail or the temporary loss of all network connectivity and other services.

Nuisance packet attack (TCP SYN flooding) is a type of DOS attack which is quite difficult to avoid because the sender spoofs the source address. However, the service provider can use ingress filtering in routers to make sure the IP source address of a packet is authenticated before it is forwarded.

Another type of DOS attack excludes packets from flowing between two nodes. For example, an attacker on the path between the two nodes creates a false registration request, giving a personal IP address as the original for a mobile node.

Passive eavesdropping

Theft of information occurs when an attacker accesses network packets across the network to which he is attached (man-in-the-middle attack). Typically this is done by using network packet sniffers and routing and transport protocols. Common way of avoiding a passive eavesdropping (or theft-of-information) attack is encryption of data, avoiding the data from being accessed by unlicensed users. End-to-end encryption is the most thorough method of protecting the data.

Session-stealing attack

A session-stealing attack is an attack where the entire session is captured by the attacker who attacker pretends to be a legitimate node. The attacker waits for a correct or genuine node to authenticate itself and start an application session. The attacker then transmits number of nuisance packets to prevent the node from identifying that the session has been hijacked. End-to-end and link-layer encryption are the methods used to prevent the session stealing attacks.

3)Technical Cyber Security Alert TA10-238A

Microsoft Windows Insecurely Loads Dynamic Libraries

I. Description

Microsoft Windows supports dynamically linked libraries (DLLs) that are used when needed by an application. DLLs are typically loaded when the application is first initiated; however DLLs may be loaded and unloaded while the application is in process or in run. An application can request a DLL file in different ways, and Windows uses several search algorithms to detect DLL files. The interaction between the application and Windows can result in a DLL file being loaded from the present working directory of the application, instead of the the directory where the application is installed.

The present working directory could be the desktop, a mass storage device such as a USB key, a Windows media file share, or a Web DAV location. When a file connected with an application is opened, a DLL in the current directory as the file may be loaded. Although an attacker may not have permission to write to the Windows system or application directories, the attacker may be able to write a DLL to a directory used to store files, or the attacker could provide their own directory. Attacks against this type of vulnerability have been referred to as "binary planting.".

II. Impact

By placing a DLL with the correct name in the present working directory, an attacker could execute arbitrary code with the advantages of the application that loads the DLL.

III. Solution

Patches or updates may be required to run on the windows platform for individual applications