IP Spoofing Question

Computadora Member Posts: 69
I was watching the CBT Nuggets Security+ videos, where the presenter mentioned that a way to mitigate IP spoofing was to use private address space, or RFC 1918, for your internal network. I do not understand, though: why can an attacker not spoof a private IP address?

Comments

  • sidsanders Member Posts: 217
    The reason might be: the priv IP ranges theoretically should never arrive on your internet-facing (external) interfaces.

    One of the best ways to deal with it is to use firewalls and make sure they can do IP spoofing checks. Set the external-facing interface to never allow an IP from one of the priv ranges in, and to not allow any other IP range that is behind (internal) in from the external side.
    GO TEAM VENTURE!!!!
  • froufrou123 Member Posts: 29
    Routers drop packets with private IP as the source. In other words, private addresses aren't routable like global public addresses.
  • broc Member Posts: 167
    froufrou123 wrote: »
    Routers drop packets with private IP as the source. In other words, private addresses aren't routable like global public addresses.

    Hmm, that's not quite true. Routers won't drop those packets out of the box. It is something you have to configure. Imagine if your internal router was dropping all packets with a private IP in the header; that might cause some problems :)
    "Not everything that counts can be counted, and not everything that can be counted counts."
  • QHalo Member Posts: 1,488
    This might help you understand it a bit better and also some mitigation techniques from a Cisco standpoint.

    Prevent IP spoofing with the Cisco IOS
  • froufrou123 Member Posts: 29
    broc wrote: »
    Hmm, that's not quite true. Routers won't drop those packets out of the box. It is something you have to configure. Imagine if your internal router was dropping all packets with a private IP in the header; that might cause some problems :)
    I see, so routers must have ACLs rejecting any packets with private IP addresses as source on downstream ports, also packets sourced to be outside of internal subnets on upstream ports. :D

    Aside from other helpful links, this link may also help understand the concept: IP Spoofing: An Introduction | Symantec Connect
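
The anti-spoofing checks discussed in this thread (sidsanders' external-interface rule and the ACL idea in the last reply), written out as an added example that is not any poster's code or real router configuration. The interface names, the `check` function and the site's address blocks are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges referred to in the thread
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed site layout (constructed): one private LAN plus one public block
# (a documentation range standing in for the site's own public addresses).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("192.168.10.0/24", "203.0.113.0/28")]


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def check(interface, src):
    """Decide what to do with a packet ARRIVING on `interface`,
    judged only by its claimed source address.
    Returns (verdict, reason)."""
    addr = ipaddress.ip_address(src)
    if interface == "external":
        # Private sources should never legitimately arrive from the internet.
        if _in_any(addr, RFC1918):
            return ("drop", "private source on external interface")
        # Nor should our own ranges, even the publicly routable ones.
        if _in_any(addr, INTERNAL_NETS):
            return ("drop", "internal source arriving from outside")
        return ("accept", "plausible external source")
    if interface == "internal":
        # Inside, private sources are normal; only our own subnets are valid.
        if _in_any(addr, INTERNAL_NETS):
            return ("accept", "internal source")
        return ("drop", "source not in internal subnets")
    raise ValueError("unknown interface: %r" % interface)


if __name__ == "__main__":
    # Constructed sample packets: (arrival interface, claimed source)
    samples = [("external", "10.1.2.3"), ("external", "203.0.113.5"),
               ("external", "198.51.100.7"), ("internal", "192.168.10.20"),
               ("internal", "198.51.100.7"), ("internal", "10.9.9.9")]
    for iface, src in samples:
        print(iface, src, *check(iface, src))
```

The filter is keyed to the arrival interface, which is why a private source is accepted on the inside and dropped on the outside. It does nothing about a host on the inside spoofing another address within the same internal subnet.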