-2

I want to test if my network or even my ISP blocks spoofed IP packets. I am running a Debian Linux OS.

I found this nice tool, but it's not working on my system: https://www.caida.org/projects/spoofer/

Does somebody know another way to check this?

vP3nguin

1 Answer

1

You can't always completely stop IP spoofing

IP networks are vulnerable to some degree...

You need to know what to do to make IP spoofing more difficult, less likely or not possible in some situations (that actually matter). Below is a nice list I found on a simple website. The site also explains the basic concepts for IP spoofing to better help you understand what you're up against.

http://www.computerworld.com/article/2546050/network-security/the-top-five-ways-to-prevent-ip-spoofing.html

  1. Use authentication based on key exchange between the machines on your network; something like IPsec will significantly cut down on the risk of spoofing.
  2. Use an access control list to deny private IP addresses on your downstream interface.
  3. Implement filtering of both inbound and outbound traffic.
  4. Configure your routers and switches, if they support such configuration, to reject packets originating from outside your local network that claim to originate from within.
  5. Enable encryption sessions on your router so that trusted hosts that are outside your network can securely communicate with your local hosts.

I believe list item number 1 is essential for strong security. Basically, don't trust things based on IP, so it doesn't matter if it's spoofed or not. Use good encryption with key exchanges to verify the identity of machines if you have any concern.

A great example of a way to trust systems only on key exchange is OpenVPN:

  • The server has a key, that the client can verify
  • The client gets a key that the server can verify, encrypted with a password
  • If either system gets something wrong, there will be no trust (tunnel)

Ryan Babchishin

  • Thank you very much for this! But it's not exactly what I want to know.. I am interested to check out number 4 of your answer: Does my ISP reject outgoing packets with a spoofed IP source from outside its own IP block or not? How can I test this? ..hope this is clearer :) – vP3nguin Aug 02 '16 at 04:47
  • @Don Oh... **you** want to spoof packets going out? Is that what you're saying? Just send the packets and see if they arrive somewhere else and look at their source address... that should be easy to test. Do you need tips? My old ISP used to let me do this (I used it for load balancing). And my new ISP after that would rewrite the outgoing packets back to my proper IP address. – Ryan Babchishin Aug 02 '16 at 04:56
  • @Don http://www.whatsmyip.org/ – Ryan Babchishin Aug 02 '16 at 05:00
  • I know.. but I had no machine outside my ISP's network to view the incoming packets' source.. and it's too much work to set one up :D – vP3nguin Aug 02 '16 at 05:26
  • @Don That's why I gave you whatsmyip.org. But frankly, if you need to verify that your packets are formatted correctly, you are going to have to verify it! There are some free shell accounts out there, possibly some cheap VPS services... but you'll have to do something if you want to see your packets. – Ryan Babchishin Aug 02 '16 at 05:50
  • Okay. I thought there would be some projects out there, like the link I posted before, but I will do it now on my own.. Thank you very much! – vP3nguin Aug 02 '16 at 05:54
  • @Don Maybe you can post a question about Spoofer and try to get help getting it working. – Ryan Babchishin Aug 02 '16 at 05:57
  • Can you give me an example of a free shell out there.. unable to find one :P – vP3nguin Aug 02 '16 at 06:42
  • @Don http://shells.red-pill.eu/ is a list of free shell services – Ryan Babchishin Aug 02 '16 at 06:58
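
Items 2 to 4 of the list in the answer, together with the egress check the asker wants to know whether the ISP applies, written out as filter logic. This is an added example, not part of the original thread; the prefix 203.0.113.0/24, the function names and the sample packets are assumptions, and item 2 is generalised here from private ranges to other non-routable ranges.

```python
import ipaddress

# Assumption: the local network's public prefix (a documentation range).
LOCAL_NET = ipaddress.ip_network("203.0.113.0/24")

# Sources that must never arrive from outside (item 2, generalised).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # private
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",     # loopback, link-local
    "224.0.0.0/4", "240.0.0.0/4",                     # multicast, reserved
)]


def filter_decision(direction, src, local_net=LOCAL_NET):
    """Return (verdict, reason) for a packet crossing the network edge."""
    addr = ipaddress.ip_address(src)
    if direction == "inbound":
        # Item 4: a packet from outside cannot have an inside source.
        if addr in local_net:
            return "drop", "outside packet claims an inside source"
        for net in NON_ROUTABLE:
            if addr in net:
                return "drop", f"source in non-routable range {net}"
        return "accept", "plausible external source"
    if direction == "outbound":
        # Item 3 (egress side): only our own prefix may leave the network.
        if addr not in local_net:
            return "drop", "source is outside the local prefix"
        return "accept", "source belongs to the local prefix"
    raise ValueError(f"unknown direction: {direction!r}")


def dropped(packets):
    """Return (direction, source, reason) for every packet the filter drops."""
    out = []
    for direction, src in packets:
        verdict, reason = filter_decision(direction, src)
        if verdict == "drop":
            out.append((direction, src, reason))
    return out


# Constructed sample packets: (direction, claimed source address).
SAMPLE = [("inbound", "198.51.100.9"), ("inbound", "203.0.113.7"),
          ("inbound", "192.168.1.5"), ("outbound", "203.0.113.7"),
          ("outbound", "198.51.100.9")]

if __name__ == "__main__":
    for direction, src, reason in dropped(SAMPLE):
        print(f"{direction:8} {src:15} drop: {reason}")
```

A network that applies the outbound rule is one that would reject the packets described in the comments above; a network without it forwards them unchanged.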