System administration
Urukhayy, 2015-07-27 14:07:33

Is it possible to filter IP spoofing by UDP protocol?


2 answer(s)
Ruslan Fedoseev, 2015-07-27
@Urukhayy

You can filter. But here it is necessary to defend against it at a higher level. That is, if your server is spoofed, you can filter at the router level; if your router is spoofed, then at the provider level.
The point is that the UDP protocol does not require a response. With TCP it is enough just to drop: the connection will break and the sender will not send traffic. With UDP the drop does not matter. That is, if you drop the traffic attacking you at the router, it will still occupy your channel to the router.

CyberGrom, 2015-09-03
@CyberGrom

When spoofing, packets arrive from different addresses, so they cannot be filtered by IP. Although if we are talking about a server that is focused on Russian clients, you can cut off all networks from "dangerous" countries altogether.
Next, you need to understand what patterns there are in the arriving packets. Usually, with spoofing, you can pick out patterns such as the same TTL, packet size, and source and destination ports. And if, for example, you see that 99% of the packets have the same parameter, then you can cut off the attack by this parameter.
Some providers have a firewall where you can specify yourself which rules should be applied to incoming traffic. It costs several hundred rubles a month.
For example, at Multibyte https://mnogobyte.ru/firewall_rules.html
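
The pattern check described in the answer above, as an added example that is not part of the original answers. It goes one step beyond the text by comparing each dominant value with a baseline of normal traffic, so a value that real clients also share (here the service port) is not proposed as a filter. The packet records, port 27015, thresholds and documentation-range addresses are constructed assumptions.

```python
from collections import Counter

# Header field -> iptables match (rules are only printed for review).
MATCH = {"src": "-s {}", "ttl": "-m ttl --ttl-eq {}",
         "length": "-m length --length {}",
         "sport": "--sport {}", "dport": "--dport {}"}

def share(packets, field, value):
    """Fraction of packets whose field equals value."""
    return sum(p[field] == value for p in packets) / len(packets)

def candidate_filters(window, baseline, min_share=0.99, max_baseline=0.01):
    """Values that dominate the current window but are rare in known-good
    traffic, so dropping on them should not cut off real clients."""
    if not window or not baseline:
        return {}
    found = {}
    for field in MATCH:
        value, count = Counter(p[field] for p in window).most_common(1)[0]
        if (count / len(window) >= min_share
                and share(baseline, field, value) <= max_baseline):
            found[field] = value
    return found

def to_rule(field, value):
    return f"iptables -A INPUT -p udp {MATCH[field].format(value)} -j DROP"

def client(i):
    # Constructed normal client packet: varied TTL, size and source port.
    return {"src": f"198.51.100.{i % 50 + 1}", "ttl": (52, 57, 113, 118)[i % 4],
            "length": 80 + i % 40, "sport": 40000 + i, "dport": 27015}

def flood(i):
    # Constructed spoofed packet: source changes, TTL and size do not.
    return {"src": f"203.0.113.{i % 254 + 1}", "ttl": 244,
            "length": 60, "sport": 1024 + i, "dport": 27015}

BASELINE = [client(i) for i in range(200)]
WINDOW = [flood(i) for i in range(995)] + [client(i) for i in range(5)]

if __name__ == "__main__":
    for field, value in candidate_filters(WINDOW, BASELINE).items():
        print(to_rule(field, value))
```

As the first answer points out, applying such a rule on the server itself only keeps the packets away from the service; the traffic still fills the link, so the same match has to be installed at the router or provider level.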
