A spoofing attack is a process of attempting to breach a network’s security by altering the source addresses of packets, making them appear as though they came from a trusted user within the network, rather than from a distrusted outside user.
Spoofing is one of the methods by which hackers attempt to compromise a network’s security and is of particular concern when a network is connected to the Internet.
How to protect our network against spoofing attacks?
Because of limitations in the design of the current Internet Protocol (IP) standard, IPv4, spoofing of IP packets cannot be prevented, only protected against.
One way to protect your network against IP address spoofing is to use the packet-filtering features of a router or firewall. Configure your packet-filtering router so that the input filter on the external router interface discards any packet coming from the external network whose source address makes it look like it originated from your own internal network. Similarly, configure the output filter on your internal router interface to discard any outgoing packets that have a source address different from that of your internal network to protect against spoofing attacks from within your own network.
A very common defense against spoofing is ingress filtering, outlined in BCP38 (a Best Common Practice document). Ingress filtering is a form of packet filtering usually implemented on a network edge device which examines incoming IP packets and looks at their source headers.
If the source headers on those packets don’t match their origin or they otherwise look fishy, the packets are rejected. Some networks will also implement egress filtering, which looks at IP packets exiting the network, ensuring that those packets have legitimate source headers to prevent someone within the network from launching an outbound malicious attack using IP spoofing.