Every device connected to your company network has a unique IP (Internet Protocol) address, an identifier used to direct the forwarding of packets that communicate over the public network.
The Internet Protocol is an industry standard and, on the one hand, makes traffic addressing easier. On the other hand, an attacker who knows this information can exploit an IP address and use any device as an attack resource without being tracked.
Notebooks, desktops, printers and even video cameras have their own IP.
What if a malicious agent can mask the address, tricking your system into allowing traffic?
What is IP Spoofing?
This is the premise used by a malicious technique called IP Spoofing, whose purpose is to modify the correct source IP address so that the system to which a packet is directed cannot properly identify the sender.
This technique is viable because, by design, the TCP/IP protocol allows the source address in the packet header to be modified. This is a permanent challenge to ensuring traffic security.
How does it work?
Sending and receiving IP packets is the rule of communication over the internet and follows a simple procedure. Each packet has a header that contains information for routing. In a trusted packet, the source address that is indicated in the header is the actual sender’s address.
However, if an attacker manages to forge the IP address, the source address indicated in the header will be from another device.
For that reason, the technique is often applied in DDoS attacks. When a source IP is false and can be constantly modified, accurately blocking new requests becomes a major challenge. For the attacker, it is a very effective technique, as it makes any tracking difficult.
By using IP Spoofing, a malicious agent can:
- Go unnoticed by IP detection systems (the origin of the attack cannot be identified);
- Avoid alerts of systems based on IP reputation signatures (whitelists, blacklists).
Reduce risk by properly configuring your firewall
Considering how this technique works, a firewall can help block spoofed IP traffic.
BLOCKBIT UTM has features that will help you address this constant threat:
- IP Spoofing Prevention by Zone Protection: Ensures that the system only accepts packets with IP addresses originating from a known Network Zone;
- Authenticated Firewall: Policies that require a user to be authenticated by the firewall before sending traffic through the network.
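The zone-based source check described in the first item can be sketched as follows. This is an added example, not BLOCKBIT's implementation: the zone names, prefixes and sample packets are constructed, and any zone not in the table is assumed to be external.

```python
import ipaddress

# Constructed zone table (assumption): internal zone -> prefixes that may
# legitimately appear as a source address on that zone.
ZONES = {
    "lan": [ipaddress.ip_network("10.10.0.0/16")],
    "dmz": [ipaddress.ip_network("192.0.2.0/24")],
}
# Any zone not listed above (for example "wan") is treated as external.


def check_source(zone, src):
    """Return (verdict, reason) for a packet entering on `zone` with source `src`."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "malformed source address")

    if zone in ZONES:
        # Internal zone: the source must belong to that zone's own prefixes.
        if any(addr in net for net in ZONES[zone]):
            return ("accept", "source matches zone")
        return ("drop", "source outside zone prefixes")

    # External zone: a source claiming to be one of our internal hosts is forged.
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return ("drop", f"internal {name} address seen on external zone")
    # Sources that are never routed on the public internet are forged as well.
    if not addr.is_global or addr.is_multicast:
        return ("drop", "non-routable source on external zone")
    return ("accept", "plausible external source")


# Constructed sample packets: (ingress zone, claimed source address).
SAMPLES = [
    ("lan", "10.10.4.20"),   # internal host on its own zone
    ("lan", "8.8.8.8"),      # outside address claimed from inside the LAN
    ("wan", "10.10.4.20"),   # LAN address arriving from outside
    ("wan", "127.0.0.1"),    # loopback arriving from outside
    ("wan", "8.8.8.8"),      # ordinary public source
]

if __name__ == "__main__":
    for zone, src in SAMPLES:
        print(zone, src, *check_source(zone, src))
```

A check of this kind only rejects sources that are impossible for the ingress zone; a forged public address arriving on the external zone still passes it.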
In brief, your greatest challenge is to efficiently filter traffic originating from outside the perimeter. But with the help of a powerful firewall, and with rules to identify forged packets correctly applied and reviewed, it is possible to mitigate IP Spoofing.