-2

I was wondering about the case where there is a Local Area Network and one public IP, through which various clients connect (which have been allocated private IPs). Suppose one of the clients spoofs his IP to try to launch an attack against a server (say Google). Does there exist a way that Google uses to secure itself against such attacks, without the help of the network administrator?

  • IP Spoofing and DDoS are hard issues, because usually the victim cannot do much to protect itself. It is the responsibility of each ISP around the world to do their part to prevent their customers from initiating these attacks. – LatinSuD Jun 04 '14 at 12:07

1 Answer

3

The attacks one could attempt against Google by using a spoofed IP address would more or less only be SYN floods, which can easily be protected against using SYN cookies.

More interesting attacks can be performed if you use a real IP address. In that case you can establish a TCP connection and attempt attacks against the much wider range of software you find on the next level up the stack.

Defending against those attacks is mainly a matter of patching security vulnerabilities once they are found. Given that Google uses an in-house developed software stack, most such vulnerabilities are discovered by insiders.

Spoofing in the scenario you describe is unlikely to be possible. First of all, you are suggesting a scenario where there would have to be a router applying NAT. If that router does not discover the spoofing and reject the spoofed packets, it is likely going to NAT them, such that there won't be any spoofing going on by the time the packets reach the Internet.

Even if the router for some reason is configured to notice that the packets are not from valid LAN addresses and thus bypass the NAT but still route them onto the Internet, the ISP is likely to block them.

Google has one service which is a bit more difficult to protect against spoofing. That is the Google Public DNS service. DNS is, due to the design of the protocol, easy to exploit in reflection/amplification attacks. There are ways to protect against this. I don't know exactly which methods Google uses, but there is much information on the Internet about this kind of attack, and possible protections.

On a related note, one could wonder how Google protects against flooding/DDoS attacks. This is an entirely different class of attacks from spoofing. But one that you often want to protect against at the same layer of the stack.

First of all, Google has lots of network capacity. An attack that simply sends so much traffic to Google that several of their network links get congested is highly unlikely. Due to that, what Google really has to do is to detect attacks and just ensure that they do not consume too many resources on the servers themselves or consume too much bandwidth sending large replies to bots in a DDoS attack.

kasperd
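The answer's point that SYN cookies defuse spoofed-source SYN floods, as an added example (not part of the original answer, and a simplified model rather than any real TCP stack's or Google's implementation): the server packs its handshake state into the SYN-ACK sequence number, so a sender that never receives the SYN-ACK cannot complete the handshake. The secret, MSS table, bit layout, time slots and addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"       # assumption: random per-server secret
MSS_TABLE = (536, 1300, 1440, 1460)    # assumption: MSS values the server can encode
MAX_AGE = 2                            # accept cookies up to 2 time slots old
MASK32 = 0xFFFFFFFF

def _mac24(conn, client_isn, slot, mss_idx):
    """24-bit keyed hash over the 4-tuple, client ISN, time slot and MSS index."""
    msg = repr((conn, client_isn, slot, mss_idx)).encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")

def make_cookie(conn, client_isn, mss, slot):
    """Server ISN for the SYN-ACK: 5 bits slot | 3 bits MSS index | 24 bits MAC.
    Nothing is stored per SYN; a spoofed SYN costs the server one hash."""
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    return ((slot & 31) << 27) | (mss_idx << 24) | _mac24(conn, client_isn, slot, mss_idx)

def check_ack(conn, seq_no, ack_no, now_slot):
    """Validate the final ACK of the handshake. Returns the negotiated MSS,
    or None if the ACK does not carry a cookie this server issued recently."""
    cookie = (ack_no - 1) & MASK32
    client_isn = (seq_no - 1) & MASK32
    mss_idx = (cookie >> 24) & 7
    if mss_idx >= len(MSS_TABLE):
        return None
    for age in range(MAX_AGE + 1):
        slot = now_slot - age
        if (slot & 31) != cookie >> 27:
            continue
        expected = _mac24(conn, client_isn, slot, mss_idx).to_bytes(3, "big")
        if hmac.compare_digest(expected, (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[mss_idx]   # only now does the server allocate state
    return None

if __name__ == "__main__":
    # Constructed sample: client 198.51.100.7:40000 -> server 203.0.113.10:443
    conn = ("198.51.100.7", 40000, "203.0.113.10", 443)
    cookie = make_cookie(conn, client_isn=1000, mss=1460, slot=100)
    # A real client receives the SYN-ACK and acknowledges cookie + 1.
    print(check_ack(conn, 1001, (cookie + 1) & MASK32, now_slot=100))
    # An ACK whose cookie bits do not match the keyed hash is dropped.
    print(check_ack(conn, 1001, ((cookie ^ 1) + 1) & MASK32, now_slot=100))
```
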