Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Can we have the ability to set destinations as we are able to set source addresses on the firewall, please. Question Question
Digital Ocean firewall on private network? Question Question

Question

Does the cloud firewall prevent IP address spoofing?

Posted May 29, 2018 2.2k views
DigitalOcean Cloud Firewalls

As the cloud firewall filters based on source IP addresses: Would it be possible for an attacker to create packets that have a spoofed source IP address and thus break through the firewall?
I mean, assuming the attacker knew any whitelisted source IP addresses…
I’m asking for both, the external network interface as well as the private network interface.
Thank you!

Add a comment
pgaubatz
By:
pgaubatz

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Can we have the ability to set destinations as we are able to set source addresses on the firewall, please. Question Question
Digital Ocean firewall on private network? Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
moisey December 4, 2019

In the case of your firewall you are worried about someone establishing a connection and sending and receiving data, if someone was able to spoof an IP address, the return information would be sent to that IP address and so the “sender” would never receive it.

Also, services that are TCP oriented would probably reject that packet along the way, so it is unlikely to even reach the destination in the first place.

IP address spoofing is mostly used to create denial of service attacks on UDP based systems.

So the short answer is that you don’t have to worry about IP address spoofing. Plus in addition to the IP Address the assumption is that the user is still accessing a remote service that has some sort of authentication.

So you don’t have to worry about it.

Reply Report

Related

Looking for something else?

Ask a new question Search for more help