Urpf

Every spoofing attack starts with one missing check: does this packet actually come from where it claims? uRPF is the answer. When it is absent — CWE-290 — the entire network becomes an authentication bypass surface.

CVE-1999-0513 is 27 years old. The mechanism is alive. A 2026 enterprise wireless controller with no uRPF, no directed broadcast filtering, and an ICMP Echo handler that reflects to any source address gives you Smurf amplification from L2 adjacency. This post documents the full chain.