
An iptables rule on my database server is:

-A INPUT -p tcp --dport 6432 -s 10.115.0.150 -j ACCEPT

I have other rules (loopback, etc.), but I'm wondering if that specific rule can be "hacked". Can somebody just "spoof" the IP address (even though it's a private network address - also, would it be different if it was a public address)? Something different?

orokusaki

2 Answers


Iain's answer is generally correct, but needs a little expanding to explain why the attack would be difficult to execute.

TCP uses a combination of bit-based flags and 32-bit counters, called sequence and acknowledgement numbers, to drive the state machine that tracks the progress of a TCP connection throughout its life. Understanding how these two 32-bit counters play into the three-way handshake that precedes transfer of payload data in every TCP connection will make the impracticality of attacks using spoofed source IP addresses clear.

When a client initiates a TCP connection to a remote server it sends a TCP segment with the SYN bit set and a randomly-chosen initial sequence number. The remote server responds with a TCP segment with both the SYN and ACK bits set, a randomly-chosen initial sequence number, and an acknowledgement number equal to the client's initial sequence number plus 1. Finally, the client responds with a TCP segment with the ACK bit set, a sequence number equal to the initial sequence number it sent plus 1, and an acknowledgement number equal to the remote server's initial sequence number plus 1.

When an attacker is forging IP datagrams from another host's source IP address it is typically the case that the attacker doesn't receive the responses to any packets they might send. In such a scenario the attacker has, effectively, a one-way communication channel to the remote server. Looking at the packet flow in the TCP handshake, it would be necessary for the attacker to predict the initial sequence number that the remote server is going to generate in its SYN/ACK response in order to respond with the appropriate acknowledgement number in the ACK response to complete the three-way handshake. The attacker needs to guess a 32-bit number correctly in order for the attack to work.

Today this type of attack is completely impractical. In the past, though, some high-profile attacks used this very method. This was possible because, in the past, some operating systems had very predictable initial sequence numbers. (You might find Michal Zalewski's paper Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later an interesting read, in terms of describing the predictability of initial sequence numbers of various operating systems.)

Evan Anderson

Not under normal circumstances.

The TCP protocol has a 3-way handshake to set up a connection:

Host A sends a SYN packet to Host B
Host B sends a SYN ACK packet to host A
Host A sends an ACK packet to host B

and the connection is established.

Now if we introduce a Host C which spoofs Host A's address:

Host C sends a spoofed SYN packet to Host B
Host B sends a SYN ACK packet to Host A

Host A isn't expecting a SYN ACK so it just ignores it.

user9517
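Both answers above describe the same mechanism: the spoofing host never sees the SYN/ACK, so it cannot produce the acknowledgement number the server expects. The following Python model, added here as an illustration and not code from either answer or from any real TCP stack, walks through the handshake with explicit 32-bit sequence and acknowledgement numbers and applies the question's source-address rule. The trusted address 10.115.0.150 comes from the question; the server address 10.115.0.10, the attacker's ISN and the fixed ISN value used to model a predictable legacy stack are constructed for the example.

```python
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set, Tuple, Union

# Constructed model of the TCP three-way handshake (no real sockets): it keeps
# only what matters for the question, namely the 32-bit sequence and
# acknowledgement numbers and a per-source-address accept rule.

SEQ_MOD = 2 ** 32  # sequence and acknowledgement numbers wrap at 32 bits


@dataclass
class Segment:
    src: str
    dst: str
    seq: int
    ack: int
    syn: bool = False
    ack_flag: bool = False


class Server:
    """Listening host (the database server) that, like the iptables rule
    in the question, accepts segments from one trusted source address only."""

    def __init__(self, addr: str, trusted_src: str,
                 isn_generator: Optional[Callable[[], int]] = None):
        self.addr = addr
        self.trusted_src = trusted_src
        # Default: an unpredictable ISN, as modern stacks generate.
        self.isn_generator = isn_generator or (lambda: secrets.randbelow(SEQ_MOD))
        self.half_open: Dict[str, Tuple[int, int]] = {}  # src -> (client ISN, server ISN)
        self.established: Set[str] = set()

    def receive(self, seg: Segment) -> Union[Segment, str, None]:
        """Handle one inbound segment: return the SYN/ACK reply, 'ESTABLISHED',
        'RST', or None when the segment is dropped."""
        if seg.dst != self.addr or seg.src != self.trusted_src:
            return None  # the "-s 10.115.0.150" rule: any other source is dropped
        if seg.syn and not seg.ack_flag:
            server_isn = self.isn_generator()
            self.half_open[seg.src] = (seg.seq, server_isn)
            # SYN/ACK carries the server's own ISN and acks client ISN + 1
            return Segment(self.addr, seg.src, server_isn, (seg.seq + 1) % SEQ_MOD,
                           syn=True, ack_flag=True)
        if seg.ack_flag and seg.src in self.half_open:
            client_isn, server_isn = self.half_open[seg.src]
            if (seg.seq == (client_isn + 1) % SEQ_MOD
                    and seg.ack == (server_isn + 1) % SEQ_MOD):
                del self.half_open[seg.src]
                self.established.add(seg.src)
                return "ESTABLISHED"
            return "RST"  # acknowledgement does not match our ISN: reset
        return None


def legitimate_handshake(server: Server, client_addr: str) -> bool:
    """Host A really owns client_addr, so it receives the SYN/ACK and can
    acknowledge the server's ISN."""
    client_isn = secrets.randbelow(SEQ_MOD)
    synack = server.receive(Segment(client_addr, server.addr, client_isn, 0, syn=True))
    if not isinstance(synack, Segment):
        return False
    ack = Segment(client_addr, server.addr, (client_isn + 1) % SEQ_MOD,
                  (synack.seq + 1) % SEQ_MOD, ack_flag=True)
    return server.receive(ack) == "ESTABLISHED"


def blind_spoofed_handshake(server: Server, spoofed_src: str,
                            guessed_server_isn: int) -> bool:
    """Host C forges spoofed_src. The SYN/ACK is routed to the real owner of
    that address (which ignores it), so C never learns the server's ISN and
    can only guess it; one guess in 2**32 is right for a random ISN."""
    client_isn = 1000  # constructed; the spoofing host controls its own ISN
    _ = server.receive(Segment(spoofed_src, server.addr, client_isn, 0, syn=True))
    # The SYN/ACK above is never seen by C, hence the guess below.
    ack = Segment(spoofed_src, server.addr, (client_isn + 1) % SEQ_MOD,
                  (guessed_server_isn + 1) % SEQ_MOD, ack_flag=True)
    return server.receive(ack) == "ESTABLISHED"


def dropped_by_rule(server: Server, src: str) -> bool:
    """True when a SYN from src is discarded by the source-address rule."""
    return server.receive(Segment(src, server.addr, 1, 0, syn=True)) is None


if __name__ == "__main__":
    db = Server("10.115.0.10", "10.115.0.150")
    print("trusted client:", legitimate_handshake(db, "10.115.0.150"))
    print("untrusted source dropped:", dropped_by_rule(db, "10.115.0.99"))
    print("blind spoof, random ISN:", blind_spoofed_handshake(db, "10.115.0.150", 0))
    legacy = Server("10.115.0.10", "10.115.0.150", isn_generator=lambda: 0x1234ABCD)
    print("blind spoof, predictable ISN:",
          blind_spoofed_handshake(legacy, "10.115.0.150", 0x1234ABCD))
```

The model assumes, as Evan's answer does, an off-path spoofer that cannot observe the SYN/ACK; the `legacy` server with a constant ISN shows why the historical attacks Evan mentions worked and why the rule's safety rests on the kernel's ISN randomization (RFC 6528 on modern stacks) rather than on the iptables match alone. The practical check for a defender is therefore that the database host runs a current OS with randomized ISNs, and that the address filter is paired with authentication at the application layer, since an on-path host on the 10.115.0.0 segment would not need to guess.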