Hi Punit, In isolated guest network you can't enforce anti spoofing. But in shared networks you can't spoof ip address.
For isolated networks the secondary ips to nic will reserve the ip for the nic and you can NAT these ips using PF, static nat rules on public ip. Thanks, Jayapal On 10-Oct-2013, at 2:26 PM, Punit Dambiwal <[email protected]> wrote: > Hi, > > CS 4.2 has the functionality to add multiple ip address on the same > NIC...but it has the bug...user can access the multiple ip address even the > ip address not allowed/added in the CS UI. > > 1. Created one Linux instance. > 2. Didn't add the secondary ip address to this VM instance through CS UI. > 3. Login to the server via SSH and add additional virtual ip address > (eth0:0). > 4. Restart the Network service and i can able to ping the new added ip > address,even this ip address haven't added as secondary ip address in CS UI. > > With this end user can do spoofing.... > > Thanks, > Punit Dambiwal
