
How much of a Linux security problem is "IP spoofing"? [Resolved]

I am using ConfigServer Security & Firewall (CSF) to limit port access to whitelisted IP addresses. However, I have heard that IP addresses can be spoofed. How widespread is this problem, and is it something I should be concerned with?

Question Credit: Owen
Asked August 18, 2019
Posted Under: Network
2 Answers

On a lot of consumer internet networks, I can just set my IP to that of the neighbor's and have their IP, so yeah, IPs can be spoofed. Colocated servers also often share one subnet among different customers. Just DoS the machine so it goes down, take over its IP and you're done...

Anyway, it depends on your situation. Do you have data which you expect to be stolen, or which someone will try to steal? Then you need more security than IP whitelisting. However, if it will be a 'normal' (web)server, then usually even IP restrictions are only necessary for flaky software like phpMyAdmin. Software like SSH, for instance, won't just be cracked, because OpenSSH is strictly audited. Even DenyHosts (deny IPs that try to log in frequently) is unnecessary and mostly annoying (I've been blocked out of my own machines quite frequently...).

My experience is that if you don't have data someone else wants, your biggest problem is automated scans for things like flaky PHP sites to send spam through. The simplest security measures, like IP whitelisting or running on a different port, are often enough for that.

credit: Halfgaar
Answered August 18, 2019