
I'm trying to understand if IP Spoofing is really possible in 2022.

I generally found old documents which explain how you cannot trust the source IP for UDP connections and for the first SYN packet of a TCP connection. I also remember attempts to guess the ACK value in order to blindly establish the TCP connection, etc.

Recent sites are more or less advertising operations.

What I would like to understand is how current that information is.

Peering AS now (generally) filter the routing tables, preventing bogus announcements from spreading, while a few years ago your neighboring AS could just claim to be a better route for whatever subnet in the world...

ISPs should not allow people to send bogus packets, as peering AS should filter the routing announcements, but is that generally done?

I suppose I should not trust too much some spam/hacker friendly countries, but what about the others?

RDX
  • IMO this question is better suited for [security.se]. – Gerald Schneider Jul 14 '22 at 07:25
  • Information Security looked more "academical". I'm a sysadmin and I'm writing fail2ban rules, ACLs, so I asked here looking for real-world ideas from people like me. But perhaps you're right. – RDX Jul 14 '22 at 08:17
  • IS is not academical, it is just more theoretical. If you have problems with fail2ban, you should write your question accordingly and it would be a better fit here. Currently your question is rather theoretical in nature. – Gerald Schneider Jul 14 '22 at 08:23
  • You're mixing two issues: a) BGP hijacking/bogus routing announcements and b) source IP filtering/spoofing. These actually are not connected. While the possibility to announce bogus stuff via BGP has diminished significantly these days, the ability to send a packet with a spoofed source IP remains pretty much the same. The latter requires more hardware resources and more admin overhead, so many ISPs, even large ones, just don't care. Yes, without BGP hijacking you won't get responses to your spoofed stuff, but it won't limit your ability to send it in the first place. – Peter Zhabin Jul 14 '22 at 13:58
