One method to gain access to a restricted network is to insert
a bogus source address in the packet header to make the packet
appear to come from a trusted source. This technique is called
IP spoofing. The mechanism to detect IP spoofing relies on
route table entries.
For example, if a packet with source IP address 10.1.1.6 arrives
at port eth3, but the device has a route to 10.1.1.0/24 through
port eth1. IP spoofing checking notes that this address arrived
at an invalid interface as defined in the route table. A valid
packet from 10.1.1.6 can only arrive via eth1, not eth3. The
device concludes that the packet has a spoofed source IP address
and discards it.
This attribute records the address spoofing attack packets.