Question:
Can you spoof an IP address?
The one
2015-11-06 12:49:27 UTC
By this I mean, can you pretend one IP address is another IP address?

I am following up on only allowing specific IP addresses to access port 22, from this quote:

Oftentimes it is simply easier to just configure your firewall to only allow access to 22 from specific hosts, as opposed to the whole Internet.

So if I were to do that, provided my dynamic IP address stayed in range, can anyone pretend to be going through my IP address, or "bounce" off my IP address, so that it would seem as if I was the one asking to get access?
Four answers:
?
2015-11-06 13:48:23 UTC
They could get one packet in, but after that the routing would send all the returns to the "real" destination, so they would not even set up a TCP handshake.

They would have to subvert the ISP's routing table to accomplish IP spoofing. If they were an admin on a network that actually was the origin of the IP, then yes, they can become that IP, which really isn't spoofing.

If you are really worried, use firewall rules & public key authentication (with passphrase) or a 2-factor auth token like Google oauth2.
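The "one packet in, no handshake" point above, as an added example that is not part of the original answers: a toy network in which routing delivers every packet to the host that really owns the destination address. The SSH server only allows port 22 from an allowlisted home address; a SYN with that address forged as its source passes the allowlist, but the SYN-ACK (and with it the server's random initial sequence number) goes to the real home host, so the attacker can never send the matching ACK. All hosts, addresses and the allowlist are constructed for the demo.

```python
"""Added example, not code from the original answers: a toy network showing
why a SYN with a forged source address gets through an IP allowlist but still
cannot complete the TCP handshake. Hosts, addresses and the allowlist are
constructed for the demo."""
import secrets
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    flags: str      # "SYN", "SYN-ACK" or "ACK"
    seq: int = 0
    ack: int = 0


class Network:
    """Routes each packet to the host that really owns the destination
    address, regardless of what the source field claims."""

    def __init__(self):
        self.hosts = {}

    def attach(self, host):
        self.hosts[host.ip] = host

    def send(self, pkt):
        owner = self.hosts.get(pkt.dst)
        return owner.receive(pkt, self) if owner else False


class Host:
    def __init__(self, ip):
        self.ip = ip
        self.inbox = []

    def receive(self, pkt, net):
        self.inbox.append(pkt)
        return True


class SshServer(Host):
    """Port 22 is firewalled to an allowlist. The firewall can only look at the
    source field, so a forged source passes the check; completing the handshake
    still needs the server's random ISN, which only the real owner receives."""

    def __init__(self, ip, allowlist):
        super().__init__(ip)
        self.allowlist = set(allowlist)
        self.pending = {}        # claimed src -> ISN we put in the SYN-ACK
        self.established = set()

    def receive(self, pkt, net):
        if pkt.dport != 22 or pkt.src not in self.allowlist:
            return False         # dropped by the firewall
        if pkt.flags == "SYN":
            isn = secrets.randbelow(2**32)
            self.pending[pkt.src] = isn
            # The reply is addressed to the claimed source; routing takes it there.
            net.send(Packet(self.ip, pkt.src, 0, "SYN-ACK", seq=isn, ack=pkt.seq + 1))
            return True          # the one packet that gets in
        if pkt.flags == "ACK" and pkt.src in self.pending:
            if pkt.ack == self.pending.pop(pkt.src) + 1:
                self.established.add(pkt.src)
                return True
        return False


def honest_handshake(net, client, server):
    """The client owns its address, so it sees the SYN-ACK and can ACK the ISN."""
    isn = secrets.randbelow(2**32)
    net.send(Packet(client.ip, server.ip, 22, "SYN", seq=isn))
    synack = client.inbox[-1]
    return net.send(Packet(client.ip, server.ip, 22, "ACK", seq=isn + 1, ack=synack.seq + 1))


def spoofed_handshake(net, attacker, victim_ip, server):
    """Attacker forges victim_ip as the source.
    Returns (SYN accepted, replies the attacker saw, handshake completed)."""
    seen_before = len(attacker.inbox)
    syn_ok = net.send(Packet(victim_ip, server.ip, 22, "SYN", seq=1000))
    replies = len(attacker.inbox) - seen_before
    # No SYN-ACK ever reached the attacker, so the ISN is unknown; ack=0 stands
    # for "nothing seen" (a blind guess has a 1 in 2**32 chance per try).
    ack_ok = net.send(Packet(victim_ip, server.ip, 22, "ACK", seq=1001, ack=0))
    return syn_ok, replies, ack_ok


def demo():
    net = Network()
    server = SshServer("203.0.113.10", allowlist=["198.51.100.7"])
    home = Host("198.51.100.7")       # the allowlisted (dynamic) home address
    attacker = Host("192.0.2.99")
    for h in (server, home, attacker):
        net.attach(h)
    result = {"honest": honest_handshake(net, home, server)}
    # From its own address the attacker is simply blocked by the allowlist.
    result["attacker_own_ip"] = net.send(Packet(attacker.ip, server.ip, 22, "SYN", seq=5))
    before = len(home.inbox)
    syn_ok, replies, done = spoofed_handshake(net, attacker, home.ip, server)
    result.update(spoofed_syn_accepted=syn_ok, attacker_replies=replies,
                  spoofed_completed=done, misrouted_to_home=len(home.inbox) - before)
    return result


if __name__ == "__main__":
    print(demo())
```

A real TCP stack at the home address would answer the stray SYN-ACK with a RST rather than silently keeping it; the simulation just counts it to make the misrouting visible. The spoofer's one accepted packet is exactly the "one packet in" of the answer, and it is also why an allowlist alone is weaker than an allowlist plus key authentication.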
Robert J
2015-11-06 14:06:39 UTC
No, or not in any usable way; any replies would be routed to whatever network the spoofed address was actually on.

A better alternative for high security is to keep the port completely closed until it's needed, and use a "port knocking" system to allow remote access.

That works by your remote system trying to access several different ports in a specific sequence, effectively a "combination lock" code, which is detected in the system log; the port-knock setup then opens the appropriate port for the specific machine that sent the proper access code.

You run a port-knock tool that sends the combination, then have e.g. 15 seconds to start your "real" connection before the port is closed again. If you connect within that time, it stays open until you disconnect.

With 60,000+ port numbers per "digit" and several digits, the code variations are astronomical; it's generally considered a secure method.

More info:

http://www.portknocking.org/view/implementations

You can also get clients for other devices, e.g.

https://play.google.com/store/apps/details?id=com.xargsgrep.portknocker&hl=en
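The port-knock mechanism described above, as an added example that is not part of the original answer and not the code of any real port-knocking tool: a minimal knock detector that replays constructed iptables-style LOG lines, tracks each source's progress through the secret sequence (resetting on a wrong port or a too-slow knock), and records which source gets port 22 opened and for how long. The KNOCK_SEQUENCE, the timeouts, the "KNOCK" log prefix and all addresses are assumptions for the demo; the iptables commands are only collected as strings, not executed.

```python
"""Added example, not code from the original answer or from any real
port-knocking tool: a minimal knock detector that replays constructed
iptables-style LOG lines, tracks each source's progress through the secret
sequence, and records which source gets port 22 opened and for how long.
KNOCK_SEQUENCE, the timeouts, the "KNOCK" log prefix and all addresses are
assumptions for the demo."""
import re
from datetime import datetime

KNOCK_SEQUENCE = [7000, 8000, 9000]   # the "combination"; an assumption
KNOCK_GAP = 5                         # max seconds between consecutive knocks
OPEN_WINDOW = 15                      # seconds port 22 stays open after the last knock
SSH_PORT = 22

# Fields we need from a kernel LOG line written with log-prefix "KNOCK ".
LOG_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: KNOCK .*?SRC=(\S+) .*?DPT=(\d+)")
EPOCH = datetime(1970, 1, 1)


def parse_line(line, year=2015):
    """Return (seconds, src, dport) or None. Syslog timestamps carry no year."""
    m = LOG_RE.match(line)
    if not m:
        return None
    stamp = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return (stamp - EPOCH).total_seconds(), m.group(2), int(m.group(3))


class KnockDaemon:
    def __init__(self, sequence=KNOCK_SEQUENCE):
        self.sequence = list(sequence)
        self.progress = {}   # src -> (index of next expected knock, time of last knock)
        self.opened = {}     # src -> time the door closes again
        self.commands = []   # firewall commands a real daemon would execute

    def observe(self, ts, src, dport):
        idx, last = self.progress.get(src, (0, ts))
        if idx and ts - last > KNOCK_GAP:
            idx = 0                           # too slow: start the combination over
        if dport == self.sequence[idx]:
            idx += 1
        elif dport == self.sequence[0]:
            idx = 1                           # wrong port, but it restarts the sequence
        else:
            idx = 0                           # wrong port resets the combination
        if idx == len(self.sequence):
            self.opened[src] = ts + OPEN_WINDOW
            self.commands.append(f"iptables -I INPUT -p tcp -s {src} --dport {SSH_PORT} -j ACCEPT")
            idx = 0
        self.progress[src] = (idx, ts)

    def is_open(self, src, ts):
        return src in self.opened and ts <= self.opened[src]

    def expire(self, ts):
        """Close doors whose window has passed; returns the sources closed."""
        closed = [s for s, until in self.opened.items() if ts > until]
        for s in closed:
            del self.opened[s]
            self.commands.append(f"iptables -D INPUT -p tcp -s {s} --dport {SSH_PORT} -j ACCEPT")
        return closed


def replay(log_text, daemon=None):
    daemon = daemon or KnockDaemon()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            daemon.observe(*parsed)
    return daemon


# Constructed log excerpt: a correct knock, a wrong-order knock and a too-slow knock.
SAMPLE_LOG = """\
Nov  6 13:00:00 gw kernel: KNOCK IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40001 DPT=7000 SYN
Nov  6 13:00:01 gw kernel: KNOCK IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40002 DPT=8000 SYN
Nov  6 13:00:02 gw kernel: KNOCK IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40003 DPT=9000 SYN
Nov  6 13:00:10 gw kernel: KNOCK IN=eth0 SRC=192.0.2.99 DST=203.0.113.10 PROTO=TCP SPT=50001 DPT=7000 SYN
Nov  6 13:00:11 gw kernel: KNOCK IN=eth0 SRC=192.0.2.99 DST=203.0.113.10 PROTO=TCP SPT=50002 DPT=9000 SYN
Nov  6 13:00:12 gw kernel: KNOCK IN=eth0 SRC=192.0.2.99 DST=203.0.113.10 PROTO=TCP SPT=50003 DPT=8000 SYN
Nov  6 13:00:30 gw kernel: KNOCK IN=eth0 SRC=203.0.113.55 DST=203.0.113.10 PROTO=TCP SPT=60001 DPT=7000 SYN
Nov  6 13:00:40 gw kernel: KNOCK IN=eth0 SRC=203.0.113.55 DST=203.0.113.10 PROTO=TCP SPT=60002 DPT=8000 SYN
Nov  6 13:00:41 gw kernel: KNOCK IN=eth0 SRC=203.0.113.55 DST=203.0.113.10 PROTO=TCP SPT=60003 DPT=9000 SYN
"""

if __name__ == "__main__":
    d = replay(SAMPLE_LOG)
    print(sorted(d.opened), d.commands)
```

Only the first source completes the combination in time; the second knocks the right ports in the wrong order and the third waits too long between knocks. Note that the door is opened for the source address written in the log, so the knocker must be reachable at that address to use it afterwards (the same routing argument as in the first answer), and that the knocks themselves travel in the clear, so the combination resists blind guessing but not an observer who can capture and replay it; pairing it with key authentication covers that.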
Fester Frump
2015-11-06 13:27:52 UTC
Ever heard of Network Address Translation (NAT)? That is essentially IP address spoofing.
2015-11-06 13:22:56 UTC
Since your public IP can change without warning, that is a very stupid way to secure it. You should secure any ssh connection in the ssh configuration and use very strong passwords.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.