Extended Cluster Anti-Spoofing checks what value to determine if a packet with the source IP of
a gateway in the cluster is being spoofed?
A.
The destination IP of the packet.
B.
The source MAC address of the packet.
C.
The source IP of the packet.
D.
The packet has a TTL value of less than 255.
D. The packet has a TTL value of less than 255
sk42652
Once the cluster Extended Anti-Spoofing is enabled, the TTL is changed in outbound packets related to local connections in case the Source IP address and the Destination IP address are cluster member IP addresses.
Anti-Spoofing check in the cluster is checking that TTL field in IP-packets between cluster members (Source IP address = IP address of the cluster member or the Virtual IP ; Destination IP address = not relevant) has the value of 255 (this check does not apply to Multicast packets and IGMP protocol).
0
0
Kernel Debug (FW module , flag ‘drop’) shows:
…dropped by fw_cluster_ttl_anti_spoofing Reason: ttl check drop
0
0