What is IP spoofing?
Many firewalls examine the source IP addresses of packets to determine if they are legitimate. A firewall may be instructed to allow traffic through if it comes from a specific trusted host. A malicious cracker would then try to gain entry by “spoofing” the source IP address of packets sent to the firewall. If the firewall thought that the packets originated from a trusted host, it may let them through unless other criteria failed to be met. Of course the cracker would need to know a good deal about the firewall’s rule base to exploit this kind of weakness. This reinforces the principle that technology alone will not solve all security problems. Responsible management of information is essential. One of Courtney’s laws sums it up: “There are management solutions to technical problems, but no technical solutions to management problems”.
IP spoofing is a technique used primarily to allow a small number of IP addresses (a class C, for example) to be used by a large number of hosts (a thousand, for example), even though a thousand hosts could never fit in a single class C. The trick is to use a router that actually changes the IP addresses as it passes the packets on to the global Internet. Thus, a host might be assigned an IP address of 10.10.55.2. This is completely bogus, and in fact the entire 10 network (all addresses like 10.X.X.X) has been reserved for the creation of these bogus addresses. The router connecting such a host to the Internet must then perform IP spoofing. A valid IP address is drawn from a pool and temporarily mapped to 10.10.55.2, and the packets’ source IP addresses are changed to reflect this. As the reply packets come back, the router changes their destination addresses to 10.10.55.2, and forwards them into the internal network. Thus, a thousand hosts can share a single class C, so long as no mo
