# Can IP spoofing be blocked?



## novice_99 (Sep 2, 2008)

Just wondering if there is a way to block IP spoofing. I work in an organization where most of the desktop systems are Windows XP systems.

A user in one building has told me that he has engaged in IP spoofing. The building has a Cisco switch and Cisco routers and multiple VLANs. The Cisco equipment supports ACLs. (I don't have access to them but may be able to convince the IT people to initiate a precaution if there is one.)


----------



## Cellus (Aug 31, 2006)

As a very important note, it is all very dependent on the topology and configuration of your network. Whatever advice is given, it'll have to be tailored to fit your needs.

ACLs in Cisco are pretty simple, and are not really designed to stop IP spoofing. You can set up rules to only permit traffic to and from various ports using defined IP ranges, which would require the malicious user to use the right IP. The best method would be to control the ports in use on the networking equipment - any spare physical ports not in use should be blocked/disabled to prevent people from simply plugging a PC in and getting on the network. If you are using DHCP, utilizing DHCP authorization (requiring a valid MAC address) will make it difficult for the user to grab a legitimate IP.

All in all there isn't really too much to worry about - even if he was able to spoof his IP (which is easy) it doesn't mean he would be able to do things like man-in-the-middle attacks, which would require breaking the security at other layers (e.g. IPSec, VPNs, etc.).

Talk to the IT people and find out if IPSec is in use. If it is, you're pretty cozy as far as things go. Of course setting up the right ACLs is also a good idea, but keep in mind that spoofing an IP is but the first step of several before you can actually do something nasty with it.


----------
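For the two controls the reply above points at (ACLs that only permit the IP range that belongs on each VLAN, and shutting down unused physical ports), here is what the configuration looks like on Cisco IOS. This is an added example, not something posted in the thread; the VLAN numbers, subnets, interface names and port range are assumed for illustration and would need to match the real network.

```cisco
! Added example, not from the original thread. VLAN numbers, subnets,
! interface names and the unused port range are assumptions.
!
! 1. Ingress anti-spoofing ACL per VLAN: only the subnet assigned to the
!    VLAN may source packets that enter the router on that VLAN interface.
!    A host that sets its IP to an address outside 10.10.10.0/24 is dropped
!    and the drop is logged, which also gives the IT people a record of it.
ip access-list extended VLAN10-ANTISPOOF
 permit ip 10.10.10.0 0.0.0.255 any
 deny   ip any any log
!
interface Vlan10
 description Building user VLAN (assumed)
 ip address 10.10.10.1 255.255.255.0
 ip access-group VLAN10-ANTISPOOF in
!
! 2. The same rule for every other user VLAN, each with its own subnet.
ip access-list extended VLAN20-ANTISPOOF
 permit ip 10.10.20.0 0.0.0.255 any
 deny   ip any any log
!
interface Vlan20
 description Second user VLAN (assumed)
 ip address 10.10.20.1 255.255.255.0
 ip access-group VLAN20-ANTISPOOF in
!
! 3. Spare access ports: park them in an unused VLAN and shut them down so
!    nobody can plug in a PC and get on the network.
interface range FastEthernet0/20 - 24
 description Unused (assumed port range)
 switchport mode access
 switchport access vlan 999
 shutdown
```

The ACL sits on the routed VLAN interface, so it catches a forged source address only when the packet crosses the router into another VLAN; traffic between two hosts in the same VLAN is switched at layer 2 and never reaches it. That is the topology dependence the reply opens with, and it is why disabling unused ports and controlling DHCP assignment are listed alongside the ACLs rather than instead of them.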

