Block IP Spoofing Attacks on an Ubuntu/CentOS Server

In this chapter, you will learn

  1. What is IP spoofing?
  2. How to protect an Ubuntu/CentOS server from IP spoofing attacks?

Understand IP Spoofing

IP spoofing is a technique in which a sender forges the source address of IP packets so that they appear to come from another, trusted host. Because the source address has been changed, network security systems may treat the packets as safe and let them through.

In this way, the attacker can open a door on your server for various malicious activities such as:

  1. DoS attack
  2. DDoS attack
  3. MitM attack
  4. Data theft
  5. Identity theft
  6. Phishing attack, etc.

To harden your server, you must take steps to protect it from IP spoofing attacks.

How to protect an Ubuntu/CentOS server from IP spoofing attacks?

To protect an Ubuntu/CentOS server from IP spoofing attacks, you can implement several measures:

1. Set "nospoof on" in the /etc/host.conf file

Step 1: Open /etc/host.conf in your favorite text editor.

    sudo vi /etc/host.conf

Step 2: Replace multi on with nospoof on.

    # The "order" line is only used by old versions of the C library.
    order hosts,bind
    # multi on
    nospoof on

Step 3: Save and exit. Press Esc → Type :wq → Press Enter.

2. Enable Source Address Verification (Reverse Path Filtering) with sysctl

Step 1: Open /etc/sysctl.conf in your favorite text editor.

    sudo vi /etc/sysctl.conf

Step 2: Modify the following lines so that they read as follows:

    # Uncomment the next two lines to enable Spoof protection (reverse-path filter)
    # Turn on Source Address Verification in all interfaces to
    # prevent some spoofing attacks
    net.ipv4.conf.default.rp_filter=1
    net.ipv4.conf.all.rp_filter=1

    # Uncomment the next line to enable TCP/IP SYN cookies
    # Note: This may impact IPv6 TCP sessions too
    #net.ipv4.tcp_syncookies=1

    # Uncomment the next line to enable packet forwarding for IPv4
    #net.ipv4.ip_forward=1

Step 3: Save and exit. Press Esc → Type :wq → Press Enter.
Step 4: Apply the changes.

    sudo sysctl -p
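
To confirm after Step 4 that reverse path filtering is really active on every interface, the following added example (not part of the original guide) audits the per-interface values. The function names and the sample directory tree are constructed for illustration; with no argument the audit reads the live /proc/sys/net/ipv4/conf.

```shell
#!/bin/sh
# Added example: report the effective rp_filter value per interface.
# For each interface the kernel applies max(conf.all, conf.<iface>);
# conf.default only seeds interfaces that are created later.

# Print "<iface> <effective> <mode>" per interface.
# Returns 1 if any interface has source validation off, 2 on read error.
rp_filter_audit() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    all=$(cat "$root/all/rp_filter" 2>/dev/null) || return 2
    rc=0
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        val=$(cat "$dir/rp_filter" 2>/dev/null) || continue
        # Effective value is the larger of the global and per-interface setting.
        if [ "$all" -gt "$val" ]; then eff=$all; else eff=$val; fi
        case "$eff" in
            0) mode=OFF; rc=1 ;;
            1) mode=strict ;;
            2) mode=loose ;;
            *) mode=unknown; rc=1 ;;
        esac
        echo "$iface $eff $mode"
    done
    return $rc
}

# Build a constructed sample tree (not real host data) that mimics
# /proc/sys/net/ipv4/conf: "default" is 1 but "all" is still 0, and
# tun0 existed before the default was changed.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    for kv in all=0 default=1 eth0=1 tun0=0; do
        mkdir -p "$d/${kv%%=*}"
        echo "${kv#*=}" > "$d/${kv%%=*}/rp_filter"
    done
    echo "$d"
}

# Usage on a live host: rp_filter_audit || echo "rp_filter is off somewhere"
```

In the constructed tree, tun0 is reported as OFF until net.ipv4.conf.all.rp_filter is also set to 1, which is why the guide sets both lines.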

Summary:

In this guide, we aim to assist you in protecting your Ubuntu/CentOS server from IP spoofing attacks.