Help
FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
GabrielAuYong_FTNT
Staff
Staff

Created on ‎12-01-2011 05:03 PM

Article Id 198116

Technical Note : Explanation of forged IP

Description

This article provides an explanation of forged IP.


Scope

All FortiMail


Solution
When the forged IP scan is enabled, the FortiMail will perform a reverse (PTR record) lookup on the IP address of a connecting host to get a hostname. It will then perform a forward (A record) lookup on that hostname, and compare the returned IP address to that of the connecting host. If they do not match, then the IP address is considered "forged".

This can occasionally cause false-positives with hosts with multiple A records. The FortiMail will check the connecting IP against all the A records for the hostname, but some DNS servers will return a truncated list, possibly cutting off the IP address that was actually connecting.

Labels:
3352
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.