To prevent IP spoofing attacks, a firewall should be configured to drop a packet if:
the source routing field is enabled.
it has a broadcast address in the destination field.
a reset flag (RST) is turned on for the TCP connection.
dynamic routing is used instead of static routing.
IP spoofing takes advantage of the source-routing option in the IP protocol. With this option enabled,
an attacker can insert a spoofed source IP address. The packet will travel the network according
to the information within the source-routing field, bypassing the logic in each router, including
dynamic and static routing (choice D). Choices B and C do not have any relation to IP spoofing
attacks. If a packet has a broadcast destination address (choice B), it will be sent to all addresses
in the subnet. Turning on the reset flag (RST) (choice C) is part of the normal procedure to end a