How to protect against IP spoofing?

IP spoofing refers to the practise of generating Internet Protocol (IP) packets with a spoofed source address, with the goals of concealing the sender's identity or impersonating another computer system with a stresser. It's a method that bad guys frequently employ to launch distributed denial of service (DDoS) assaults against a device or the network supporting it.

IP packet transmission and reception is at the heart of current internet communications between computers and other devices connected through a network. The header, which comes before the packet's body, provides essential routing data such as the packet's source address. The IP address of the packet's sender is the source IP address in a typical packet. A forged source address is a telltale sign that a packet has been faked.

When an attacker engages in IP spoofing, it's like sending a parcel to the wrong address. Since the sender may simply modify the return address, the recipient's action of refusing all shipments from the fake address would not prevent more items from being sent to them. Similar to the last point, if the recipient responds to the return address, the shipment will be sent somewhere other than to the actual sender. A major flaw that many Distributed Denial of Service attacks take advantage of is the possibility of spoofing packet addresses.

Spoofing is commonly used in distributed denial of service attacks to hide the true origin of the assault and thwart countermeasures. It's far more difficult to prevent fraudulent requests if the originating IP address is being spoofed and constantly changed. Additionally, law enforcement and cyber security professionals have a hard time tracing the source of an attack when IP spoofing is in play.

Spoofing is also used to impersonate another device in order to redirect incoming answers to the intended recipient. This hole is exploited in volumetric attacks like NTP Amplification and DNS amplification. TCP/architecture IP's makes it possible to alter the source IP, which is a persistent security risk.

In addition to denial-of-service attacks, spoofing may be used to bypass authentication and "hijack" a user session by pretending to be another device.

How to protect against IP spoofing (packet filtering)

While it is impossible to completely eliminate the possibility of IP spoofing, there are ways to prevent spoofed packets from even reaching a network. Ingress filtering, described in BCP38, is a typical method of protecting networks from spoofing (a Best Common Practice document). An ingress filter is a type of packet filter that checks the source IP address and header information of incoming data packets. These packets are discarded if their source headers don't correspond to their actual origin or if anything else about them seems off. Egress filtering is used by certain networks to ensure that only valid IP packets are allowed to leave the network, preventing malicious attacks from within the network that use IP spoofing.