How Do I Prevent IP Spoofing Attacks

by Edith Ledwin.


Configuring your network to reject packets from the Net that claim to originate from a local address can thwart IP spoofing attacks. This is done at the router level. Conversely, it is also generally a good policy to reject packets originating inside of your network that claim to come from a host on the outside.

Although routers are a solution to the general spoofing problem, they too operate by examining the source address. Thus, they can only protect against incoming packets that purport to originate from within your internal network. If your network (for some inexplicable reason) trusts foreign hosts, routers will not protect against a spoofing attack that purports to originate from those hosts.

There are several products that incorporate anti-spoofing technology into their general design. Here are a couple:

- NetVision Synchronicity for Windows NT. The Synchronicity product line incorporates concurrent management of NDS and NT objects and systems. Anti-spoofing support is built in.

- Cisco PIX Firewall. PIX is Cisco's premier Internet security product and is a full-fledged firewall with built-in anti-spoofing capabilities.

Certain products can also test your network for vulnerability to IP spoofing.

Running a firewall does not automatically protect you from spoofing attacks. If you allow internal addresses access through the outside portion of the firewall, you're still vulnerable. Moreover, if your firewall runs proxies and those proxies perform their authentication based on the IP source address, you have a problem. (Essentially, this type of authentication is no different from any other form of IP-based authentication.)

Closely monitoring your network is another preventative measure. Try identifying packets that purport to originate within your network, but attempt to gain entrance at the firewall or first network interface that they encounter on your wire. The following paragraph is excerpted from Defense Information System Network Security Bulletin #95-32. This bulletin can be found online at http://csrc.ncsl.nist.gov/secalert/ddn/1995/sec-9532.txt.

There are several classes of packets that you could watch for. The most basic is any TCP packet where the network portion (Class A, B, or C or a prefix and length as specified by the Classless Inter-Domain Routing (CIDR) specification) of the source and destination addresses are the same but neither are from your local network. These packets would not normally go outside the source network unless there is a routing problem worthy of additional investigation, or the packets actually originated outside your network. The latter can occur with mobile IP testing, but an attacker spoofing the source address is a more likely cause.
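The router-level checks and the bulletin's "same network, neither local" test can be expressed as one classifier over logged packet headers. This is an added example, not part of the original article or the bulletin; the local prefix, the /24 comparison length, the interface labels and the sample packets are all constructed assumptions.

```python
import ipaddress

# Assumed local prefix (documentation range, constructed for this example).
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
# Assumed prefix length for comparing the "network portion" of foreign addresses.
FOREIGN_PREFIXLEN = 24

def is_local(addr):
    return any(addr in net for net in LOCAL_NETS)

def classify(src, dst, iface):
    """iface is 'outside' (arrived on the Internet-facing interface)
    or 'inside' (arrived from the internal network)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Ingress check: a packet from the Net claiming a local source address.
    if iface == "outside" and is_local(s):
        return "local-source-from-outside"
    # Egress check: a packet from inside claiming an outside source address.
    if iface == "inside" and not is_local(s):
        return "foreign-source-from-inside"
    # Bulletin check: source and destination share a network portion,
    # but neither address belongs to the local network.
    if not is_local(s) and not is_local(d):
        src_net = ipaddress.ip_network(f"{s}/{FOREIGN_PREFIXLEN}", strict=False)
        if d in src_net:
            return "same-foreign-network"
    return "ok"

def scan(packets):
    """Return (packet, verdict) for every packet that is not 'ok'."""
    flagged = []
    for pkt in packets:
        verdict = classify(*pkt)
        if verdict != "ok":
            flagged.append((pkt, verdict))
    return flagged

# Constructed sample headers: (source, destination, arrival interface).
SAMPLE = [
    ("192.0.2.10", "192.0.2.20", "outside"),
    ("198.51.100.7", "203.0.113.9", "inside"),
    ("198.51.100.7", "198.51.100.99", "outside"),
    ("203.0.113.5", "192.0.2.20", "outside"),
    ("192.0.2.10", "203.0.113.5", "inside"),
]

if __name__ == "__main__":
    for pkt, verdict in scan(SAMPLE):
        print(verdict, pkt)
```

As the article notes, this only examines source addresses: the fourth sample packet passes even if its foreign source is forged, so a trusted outside host cannot be protected this way.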

As a closing note, if you can afford the resource overhead, you can also detect spoofing through logging procedures (even in real-time). Running a comparison on connections between trusted hosts is a good start. For example, assume that trusted hosts A and B have a live session. Both will show processes indicating that the session is underway. If one of them doesn't indicate activity, a spoofing attack is afoot.

    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.