1

I am using Google Compute Engine, and I have opened my server to receive requests only from a certain IP address and at a specified port by creating a firewall rule that allows only this IP. If a hacker knows which IP I have allowed, can he use my IP to send requests to my server (fool my server into thinking that his IP is my IP)?

Is it possible or not?

And if it is, then what can I do to make the server receive requests from my system only?

Edit - Actually, my concern is this: suppose my system's IP is 123.23.23.23, and this is the only IP I have allowed my server to accept requests from, by creating a firewall rule. Can a hacker show my server that his/her IP is this one, so that the server will send data to this person?

  • This is fundamentally impossible with most networking protocols, including TCP. – forest Jun 26 '18 at 13:10
  • This is called `IP Spoofing`, and the possibility of such an attack is somewhere between astronomically hard and impossible. – ThoriumBR Jun 26 '18 at 13:14
  • As far as I know, the only thing that an attacker can do with spoofing your ip is conduct a smurf attack. Outside of that, if you spoof someone's IP then you're getting the traffic. – DotNetRussell Jun 26 '18 at 13:18
  • Google could spoof the IP, since they run the network that your server sits on. No one else can do it without Google’s cooperation. – Mike Scott Jun 26 '18 at 13:27
  • As forest and ThoriumBR have explained, it is very hard to impossible. But! If someone would manage to backdoor a device on the network you trust, they could use that backdoor to bounce to your server. So yes, it's possible, but it needs some prerequisites. :-) – Nomad Jun 27 '18 at 15:22
  • Oh, someone could use BGP hijacking, but that's far more advanced than "pretending his IP is your IP" and involves screwing with the core infrastructure of the internet (possible, but difficult and invasive). – forest Jun 28 '18 at 03:00

1 Answer

4

Spoofing IPs is one thing, getting the replies back is quite another. To spoof a packet the attacker just needs to find an ISP that is sloppy about ingress filtering. To get a reply back the attacker needs to inject routes into the network which is hard to do and especially hard to do without getting noticed. It does happen from time to time though, search for BGP hijacking to find examples.

So the first thing you need to do is make sure that your server requires some kind of session establishment (for example TCP) before acting on a request.

Beyond that you should not be using IP filtering as your sole defense mechanism but as only one part in a stack of security measures, so in the event that the attacker does manage to perform a BGP hijack they still face other security measures.

Peter Green
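The layering the answer recommends, as an added example that is not part of the original answer: the server repeats the source-address check and then also requires a keyed MAC and a fresh timestamp, so a request from the right address but without the key is still refused. The shared key, the function names and the 60-second window are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import time

# Assumed values: the allowed address is the one from the question; the key
# is a constructed placeholder, not a real secret.
ALLOWED_NETS = [ipaddress.ip_network("123.23.23.23/32")]
SHARED_KEY = b"constructed-demo-key"
MAX_SKEW_SECONDS = 60


def sign(key, timestamp, body):
    """Client side: MAC over the timestamp and the request body."""
    msg = str(timestamp).encode() + b"\n" + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def authorize(peer_ip, timestamp, body, mac, now=None, seen=None):
    """Server side: return (allowed, reason). peer_ip must be the address of
    the accepted TCP connection, never a value taken from a request header."""
    now = time.time() if now is None else now
    # Layer 1: the firewall rule's check, repeated in the application.
    addr = ipaddress.ip_address(peer_ip)
    if not any(addr in net for net in ALLOWED_NETS):
        return False, "source address not allowed"
    # Layer 2: proof of key possession, independent of where packets route.
    expected = sign(SHARED_KEY, timestamp, body)
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return False, "bad MAC"
    # Layer 3: freshness, so a captured request cannot be replayed later.
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"
    if seen is not None:
        if mac in seen:
            return False, "replayed request"
        seen.add(mac)
    return True, "ok"


if __name__ == "__main__":
    t = int(time.time())
    body = b'{"action": "status"}'  # constructed sample request
    good, seen = sign(SHARED_KEY, t, body), set()
    print(authorize("123.23.23.23", t, body, good, seen=seen))  # accepted
    print(authorize("123.23.23.23", t, body, good, seen=seen))  # replay
    # Right source address (as after a route hijack) but no key:
    print(authorize("123.23.23.23", t, body, sign(b"guess", t, body)))
    print(authorize("198.51.100.7", t, body, good))  # wrong address
```

A long-running service would prune `seen` once entries are older than `MAX_SKEW_SECONDS`. The MAC authenticates requests but does not hide them, so it complements an encrypted transport rather than replacing one.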