Go Back   Tech Support Forum > Security Center > General Computer Security

Can ip spoofing be blocked?

This is a discussion on Can ip spoofing be blocked? within the General Computer Security forums, part of the Tech Support Forum category. Just wondering if there is a way to block ip spoofing. I work in an organization where most of the


Closed Thread
 
Thread Tools Search this Thread
Old 09-02-2008, 04:37 PM   #1
Registered Member
 
Join Date: Sep 2008
Posts: 1
OS: windows xp



Just wondering if there is a way to block ip spoofing. I work in an organization where most of the desktop systems are windows xp systems.

A user in one building has told me that he has engaged in ip spoofing. The building has a cisco switch and cisco routers and multiple vlans. The cisco equipment supports ACLs. (I don't have access to them but may be able to convince the IT people to initiate a precaution if there is one.)

__________________
novice_99 is offline  
Old 09-03-2008, 03:09 PM   #2
TSF Team Emeritus, Networking Team
 
Cellus's Avatar
 
Join Date: Aug 2006
Location: Canada
Posts: 2,665
OS: Windows Vista Business SP1, Windows XP Professional SP3

My System


As a very important note, it is all very dependent on the topology and configuration of your network. Whatever advice is given, it'll have to be tailored to fit your needs.

ACLs in Cisco are pretty simple, and are not really designed to stop IP spoofing. You can set up rules to only permit traffic to and from various ports using defined IP ranges, which would require the malicious user to use the right IP. The best method would be to control the ports in use on the networking equipment - any spare physical ports not in use should be blocked/disabled to prevent people from simply plugging a PC in and getting on the network. If you are using DHCP, utilizing DHCP authorization (requiring a valid MAC address) will make it difficult for the user to grab a legitimate IP.

All in all there isn't really too much to worry about - even if he was able to spoof his IP (which is easy) it doesn't mean he would be able to do things like man-in-the-middle attacks, which would require breaking the security at other layers (eg: IPSec, VPNs, etc.).

Talk to the IT people and find out if IPSec is in use. If it is, you're pretty cozy as far as things go. Of course setting up the right ACLs is also a good idea, but keep in mind that spoofing an IP is but the first step of several before you can actually do something nasty with it.
__________________
TSF Networking Team

Virus/Trojan/Spyware Removal Help
Donate!
Cellus is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2


All times are GMT -7. The time now is 09:09 AM.


Copyright 2001 - 2014, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts