IP spoofing is a method of creating IP packets with a false source IP address in the header. It can be used for website performance testing, for simulating users accessing an online shop, etc. It is also commonly used by hackers to impersonate another computing system so that they can send a large number of packets in order to exhaust the available resources on the destination machine.
There are two methods of configuring IP Spoofing Defense on DrayTek routers (depending on the firmware version your router supports):
Go to the [Firewall] > [Defense Setup] > [Spoofing Defense] page. Under the IP Spoofing Defense section, select the Block IP packet from WAN or LAN option. Set Log to Enable if you want to see whether the router has had to take any action.
1. Telnet into the Vigor Router
2. Use one of the following commands:
When receiving packets from the WAN, the Vigor Router checks whether the source IP address is plausible for the WAN interface the packet arrived on. If it is not, Vigor drops the packet instead of forwarding it to the internal network.
For example, if Vigor’s LAN network IP address is 192.168.1.1 and it receives a packet from the WAN with the source IP 192.168.1.100, Vigor will drop the packet and record a defense log entry like this: [IP Spoofing Defense]Block packet from WAN with source IP: 192.168.1.100
When receiving packets from the LAN with the option enabled, the Vigor Router checks whether the source IP is plausible for the LAN interface the packet arrived on. If it is not, Vigor drops the packet and displays a log entry similar to this: [IP Spoofing Defense]Block packet from LAN with source IP: 192.168.239.31
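Once Log is enabled, the blocked-packet entries can be tallied per interface and source address to see what the defense is catching. The Python script below is an added example, not DrayTek code; it assumes the router log has been exported or forwarded to a text file, and the timestamp and hostname prefix in the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Message format as shown in the article. Text before it (timestamp, host)
# is ignored because syslog prefixes differ between collectors.
BLOCK_RE = re.compile(
    r"\[IP Spoofing Defense\]\s*Block packet from (WAN|LAN) "
    r"with source IP:\s*(\S+)"
)

def parse_block_events(lines):
    """Return (interface, source_ip) tuples for valid defense log lines."""
    events = []
    for line in lines:
        m = BLOCK_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))  # reject malformed addresses
        except ValueError:
            continue
        events.append((m.group(1), str(ip)))
    return events

def summarize(lines):
    """Count blocked packets per (interface, source IP)."""
    return Counter(parse_block_events(lines))

def lan_side_sources(lines):
    """Sources blocked on the LAN side, most frequent first: internal hosts
    sending with an address that does not belong on that LAN."""
    counts = Counter(ip for iface, ip in parse_block_events(lines) if iface == "LAN")
    return [ip for ip, _ in counts.most_common()]

# Constructed sample input: only the bracketed message format is from the article.
SAMPLE_LOG = [
    "Jan 10 08:00:01 vigor [IP Spoofing Defense]Block packet from WAN with source IP: 192.168.1.100",
    "Jan 10 08:00:03 vigor [IP Spoofing Defense]Block packet from LAN with source IP: 192.168.239.31",
    "Jan 10 08:00:04 vigor [IP Spoofing Defense]Block packet from LAN with source IP: 192.168.239.31",
    "Jan 10 08:00:05 vigor [IP Spoofing Defense]Block packet from LAN with source IP: 10.0.0.7",
    "Jan 10 08:00:06 vigor DHCP lease renewed",
    "Jan 10 08:00:07 vigor [IP Spoofing Defense]Block packet from WAN with source IP: 999.1.1.1",
]

if __name__ == "__main__":
    for (iface, ip), n in summarize(SAMPLE_LOG).most_common():
        print(f"{iface:3} {ip:15} blocked {n}x")
    print("LAN hosts to investigate:", lan_side_sources(SAMPLE_LOG))
```

Repeated LAN-side entries for the same source usually point at a misaddressed device or an unexpected subnet behind the router and are worth checking before they are dismissed as noise.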
If your ISP uses a different device to respond to your router's ARP packets, an ARP Address Mismatch output can be produced. You can read more about this here.
Note that IP Spoofing Defense can impact some features where the same IP can be expected on two or more interfaces, e.g. link aggregation or high availability configurations.