Prevent Internet Protocol (IP) Spoofing

Internet protocol spoofing which is commonly known as IP spoofing is a ploy used by an attacker to make clients think that the packages they are using come from a trusted source. The attacker sets IP packets with a counterfeit IP address that a client later uses without knowing that they are not from a trusted machine. Spoofing comes in many types such as blind spoofing, denial-of-service attack and non-blind spoofing. Attackers usually use this trick to hide where a computer is connecting from or which computer is accessing the network. Different people have different reasons as to why they would want to spoof the network. Some of the reasons could be for criminal activities or to visit websites that have morally unacceptable content. IP spoofing exposures one to loss of sensitive information or even damage to the overall network.

There are several ways to prevent IP spoofing. The first method that you can use is to do away with host based network authentications. Host based authentication uses a public host key for authentication which is highly susceptible to hacking. So instead you should use network encryption for authentication. In encrypted networks, it is hard for an attacker to hack into your network since it only sends encrypted packets over the network.

You could also use ingress filtering technique to rid your network from IP spoofing attacks. In this technique, all packets originating from a source outside the network are filtered at the gateway of the network with a source address within the network to confirm that they come from a legitimate source. If the packages are illegitimate they are blocked from your network.

You could also use engineer filtering method to safeguard your network from theses attacks. In engasing filtering, all packets originating from within the network are blocked from inside the network using a source address that is outside the network. They are scanned via a router or firewall and the packages that seem suspicious are with held. The method is effective in preventing an attacker within your network who could be filtering from launching his or her IP spoofing attack against an external machine. Usually ingress filtering is used together with filter filtering.

The other way to prevent IP spoofing is the configuration of your routers and switches. This is done to make them support a certain configuration such that they will not accept packets that come from outside your local network and claim to have originated from within. You could also allow encryption sessions on the router that you are using so that trusted hosts outside your network can securely communicate with your local hosts. Use of authentication key exchange between machines on your network can substantively reduce spoofing attacks.

Using the reverse path forwarding IP verify technique you can prevent IP spoofing. In this method the reverse path forwarding takes the source of an IP address of a packet that is received from outside the network and looks up to confirm if the router has a route in its table that can be used to reply to that packet. If none is found on the routing table, it is assumed that the packet has been spoofed and the router drops the packet immediately.

You may also like...