Options
IP Spoofing Question
Computadora
Member Posts: 69 ■■□□□□□□□□
in Security+
I was watching the CBT nuggets security+ videos where the presenter mentioned that a way to mitigate IP spoofing was to use private address space or RFC 1918 for your internal network. I do not understand though why can an attacker not spoof a private IP address?
Comments
-
Optionssidsanders Member Posts: 217 ■■■□□□□□□□the reason might be: the priv ip ranges theoretically should never arrive on your internet facing (external) interfaces.
one of the best ways to deal with it is to use firewalls and make sure they can do ip spoofing checks. set the external facing interface to never allow an ip from one of the priv ranges in, and not allow any other ip range that is behind (internal) in from the external side.GO TEAM VENTURE!!!! -
Optionsfroufrou123 Member Posts: 29 ■□□□□□□□□□Routers drop packets with private IP as the source. In other words, private addresses aren't routable like global public addresses.
-
Optionsbroc Member Posts: 167froufrou123 wrote: »Routers drop packets with private IP as the source. In other words, private addresses aren't routable like global public addresses.
Hmm, that's not quite true. Routers won't drop those packets out of the box. It is something you have to configure. Imagine if your internal router was dropping all packets with a private IP in the header, that might cause some problem"Not everything that counts can be counted, and not everything that can be counted counts.” -
OptionsQHalo Member Posts: 1,488This might help you understand it a bit better and also some mitigation techniques from a Cisco standpoint.
Prevent IP spoofing with the Cisco IOS -
Optionsfroufrou123 Member Posts: 29 ■□□□□□□□□□Hmm, that's not quite true. Routers won't drop those packets out of the box. It is something you have to configure. Imagine if your internal router was dropping all packets with a private IP in the header, that might cause some problem
Aside from other helpful links, this link may also help understand the concept: IP Spoofing: An Introduction | Symantec Connect