Spoofing external IP addresses?
Results 1 to 4 of 4

Thread: Spoofing external IP addresses?

  1. #1
    Member
    Join Date
    Jul 2002
    Posts
    50

    Question Spoofing external IP addresses?

    I work for a bank and am will be implementing some new security settings soon via a VPN device...

    What I'm wondering - from a security standpoint...is this....

    The scenario is as follows - from our internal IP address scheme - the vpn device will be told which IP addresses will be allowed to send traffic to the other end...

    From our vpn - it will travel to our host provider - to their firewall/router - and out to the internet where it gets assigned an external IP address. The other end requires us to provide them with that external IP address so that on their end, they will only accept traffic from that external IP address.

    My question is this...

    could someone setup a vpn at their house (no matter how costly it may be), and spoof both our internal IP address scheme so that it would leave their network - AND spoof the external IP address to match that of our host providers?

    My impression was that there are no two external IP addresses that are the same and that the external IP addresses could not be spoofed - but Lord knows I've been wrong before....

    If there woudl be another way to compromise this strategy, let me know - we are assuming that the bank's network itself is secure in that someone couldn't "hack" into it to gain access to the real external IP address.

  2. #2
    Banned
    Join Date
    Aug 2004
    Posts
    534
    vpn's usually have other forms of authentification other then simple IP rulesets... pls elaborate on make/software of your vpn

  3. #3
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    yes, they could. And you can get a VPN capable router for 99 bucks at compusa so cost is not even a factor in this. VPN will normally authenticate with username/password and hopefully have some encryption tied to it becasue it is possible to spoof the IP address.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  4. #4
    Member
    Join Date
    Jun 2005
    Posts
    34
    try using certificate authentication or some type of 3-factor authentication like RSA
    to SYN, or not to SYN. That is the question. -Shakespeare?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides