When considering ingress filtering, why should all inbound packets be dropped if they contain a source address from within the protected network address space?
When considering ingress filtering, why should all inbound packets be dropped if they contain a source address from within the protected network address space?
The reason for dropping all inbound packets containing a source address from within the protected network address space is primarily due to the risk of address spoofing. Deliberately spoofed packets by an attacker can pose a significant threat to the network's security, and such packets originating from the protected network address space indicate that an external source is pretending to be part of the internal network. This is captured by option B (The packets may be deliberately spoofed by an attacker) and C (The packets may have been accidentally routed onto the Internet). Therefore, the correct answer is B and C.
A. The packets are probably corrupted. B. The packets may have been accidentally routed onto the Internet. C. The packets may be deliberately spoofed by an attacker. D. The packets are a sign of excess fragmentation.