IP Address Spoofing

[Jeremy Ovenden]

What are the vulnerabilities of a server on the internet, if e.g. telnet and
ftp access are restricted to known IP addresses? How easy is it for someone
to 'spoof' an IP address, is this common?

many thanks
Jeremy

[Walter Roberson]

In article <84i5gr$f7e$1...@gxsn.com>,
Jeremy Ovenden <jove...@hazelweb.co.uk> wrote:
:What are the vulnerabilities of a server on the internet, if e.g. telnet and

:ftp access are restricted to known IP addresses? How easy is it for someone
:to 'spoof' an IP address, is this common?

Any insecure system on the same LAN (local area network) can be used to
spoof IP addresses completely, with a high degree of reliability,
unless the server uses a cryptographic challenge of some sort to force
the client to prove who it is.

Once you get beyond the LAN, things get harder. If the target system
and router support source-routed addresses, then it is easy though.
If the router blocks out external packets that claim to originate from
an internal address, spoofing is difficult. If the router allows
external packets that claim to originate from an internal address,
then the ability to spoof gets less reliable -- you might have to
operate "blind" (send packets to the target knowing you won't get
back the result, but pretend that you did get back the result.)

Is spoofing common? For some purposes, it is quite common: it is used
as part of the 'Smurf' attack, which tries to provoke a system to send
a flood of packets to a third party in hopes of swamping the third party.
But spoofing is not -commonly- used by the script kiddies otherwise
due to the difficulties in getting back information as to what's going on.

A real serious attacker would probably try spoofing somewhere along the line,
so if your site is especially attractive for some reason or other,
then you can expect that spoofing will be tried against you.