To prevent IP spoofing attacks, a firewall should be configured to drop a packet if:
A、the source routing field is enabled.
B、it has a broadcast address in the destination field.
C、a reset flag (RST) is turned on for the TCP connection.
D、dynamic routing is used instead of static routing.