What is IP spoofing?
IP spoofing is a technique used by intruders to gain access to a network by sending messages to a computer with an IP address indicating that the message is coming from a trusted host. To engage in IP spoofing, a hacker must first use a variety of techniques to find an IP address of a trusted host and then modify the packet headers so that it appears that the packets are coming from that host. Routers use the "destination IP" address to forward packets through the Internet but ignore the "source IP" address, which is only used by the destination machine when it responds to the source. These attacks exploit applications that use authentication based on IP addresses. This attack does not, however, involve source routing.

There is a common misconception that IP spoofing can be used to hide your IP address while surfing the Internet, chatting online, sending e-mail, and so forth, but this is generally not true. You cannot create a normal network connection by forging the source IP address, because the response will be misdirected. However, IP spoofing is an integral part of many network attacks that do not need to see responses (blind spoofing).
With the current IP protocol technology, it is impossible to eliminate IP-spoofed packets. The best way to eliminate IP spoofing attacks is to install a filtering router that restricts the input to your external interface by not allowing a packet through if it has a source address from your internal network. In addition, you should filter outgoing packets that have a source address different from your internal network, to prevent a source IP spoofing attack from originating from your site. The combination of these two filters would prevent outside attackers from sending you packets pretending to be from your internal network. It would also prevent packets originating within your network from pretending to be from outside your network.
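The two filters described above can be written as a single decision function. This is an added example, not part of the original article; the internal prefixes, the interface names "external" and "internal", and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Assumed internal address space for the example site (documentation prefixes).
INTERNAL_NETS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:10::/48"),
]


def is_internal(src):
    """True/False if src parses as an IP address, None if it does not."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return None
    return any(addr.version == net.version and addr in net for net in INTERNAL_NETS)


def border_filter(interface, src):
    """Decide what the filtering router does with a packet.

    interface: "external" (arriving from the Internet) or "internal" (leaving the site).
    """
    if interface not in ("external", "internal"):
        raise ValueError("unknown interface: %r" % interface)
    internal = is_internal(src)
    if internal is None:
        return ("drop", "unparseable source address")
    if interface == "external" and internal:
        return ("drop", "ingress: internal source arriving from outside")
    if interface == "internal" and not internal:
        return ("drop", "egress: source is not one of our addresses")
    return ("forward", "source is consistent with the interface")


# Constructed sample packets: (arrival interface, claimed source address).
SAMPLE_PACKETS = [
    ("external", "192.0.2.15"),      # outsider claiming to be an internal host
    ("external", "198.51.100.7"),    # outside source; forwarded even if forged
    ("internal", "192.0.2.15"),      # legitimate outbound traffic
    ("internal", "203.0.113.9"),     # internal host forging an outside source
    ("external", "2001:db8:10::5"),  # same ingress rule applied to IPv6
]


def run_samples():
    return [(i, s) + border_filter(i, s) for i, s in SAMPLE_PACKETS]


if __name__ == "__main__":
    for row in run_samples():
        print("%-8s %-16s %-7s %s" % row)
```

The second sample packet is forwarded whether or not its source is genuine: a border filter can only check a source address against the network it protects, which is why these filters do not eliminate spoofed packets in general.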
This was first published in March 2002