How to check my network for IP spoofing availability?
I want to test if my network or even my ISP blocks spoofed IP packets. I am running a Debian Linux OS.
I found this nice tool, but it's not working on my system: https://www.caida.org/projects/spoofer/
Does somebody know another way to check this?
You can't always completely stop IP spoofing
IP networks are vulnerable to some degree...
You need to know what to do to make IP spoofing more difficult, less likely or not possible in some situations (that actually matter). Below is a nice list I found on a simple website. The site also explains the basic concepts for IP spoofing to better help you understand what you're up against.
http://www.computerworld.com/article/2546050/network-security/the-top-five-ways-to-prevent-ip-spoofing.html
- Use authentication based on key exchange between the machines on your network; something like IPsec will significantly cut down on the risk of spoofing.
- Use an access control list to deny private IP addresses on your downstream interface.
- Implement filtering of both inbound and outbound traffic.
- Configure your routers and switches if they support such configuration, to reject packets originating from outside your local network that claim to originate from within.
- Enable encryption sessions on your router so that trusted hosts that are outside your network can securely communicate with your local hosts.
I believe list item number 1 is essential for strong security. Basically don't trust things based on IP, so it doesn't matter if it's spoofed or not. Use good encryption with key exchanges to verify the identity of machines if you have any concern.
A great example of a way to trust systems only on key exchange is OpenVPN:
- The server has a key, that the client can verify
- The client gets a key that the server can verify, encrypted with a password
- If either system gets something wrong, there will be no trust (tunnel)
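The filtering rules in the list above (items 2 to 4), written out as a border decision function. This is an added example, not part of the original answer; the site prefixes and packets are constructed from documentation ranges, and it assumes the private-address ACL is applied on the external, ISP-facing interface.

```python
import ipaddress

# RFC 1918 private ranges (list item 2).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def in_any(addr, nets):
    return any(addr in net for net in nets)

def check_packet(direction, src, internal_nets):
    """Return (action, reason) for one packet at the site border.

    direction: "inbound"  = arrived on the external interface,
               "outbound" = about to leave the site.
    """
    addr = ipaddress.ip_address(src)
    if direction == "inbound":
        # Item 4: outside traffic must not claim an inside source.
        if in_any(addr, internal_nets):
            return ("drop", "external packet claims internal source")
        # Item 2: private addresses are never valid from outside.
        if in_any(addr, RFC1918):
            return ("drop", "private source on external interface")
        return ("accept", "source plausible for external traffic")
    if direction == "outbound":
        # Item 3 (egress half): only our own prefixes may leave.
        if not in_any(addr, internal_nets):
            return ("drop", "source not in site prefixes")
        return ("accept", "source belongs to site")
    raise ValueError(f"unknown direction: {direction!r}")

# Constructed site prefixes and packets (documentation ranges, not real hosts).
SITE = [ipaddress.ip_network("203.0.113.0/24"),
        ipaddress.ip_network("192.168.10.0/24")]
SAMPLE = [
    ("inbound", "198.51.100.7"),
    ("inbound", "203.0.113.20"),
    ("inbound", "10.1.2.3"),
    ("outbound", "192.168.10.15"),
    ("outbound", "198.51.100.99"),
]

def audit(packets, internal_nets):
    """Apply check_packet to each (direction, src) pair."""
    return [(d, s) + check_packet(d, s, internal_nets) for d, s in packets]

if __name__ == "__main__":
    for row in audit(SAMPLE, SITE):
        print(*row, sep="\t")
```

The same three checks translate directly into router ACLs or host firewall rules; the point of the outbound rule is that a network applying it cannot emit packets with sources it does not own.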