Is it safe to restrict access to a site by IP?
I know there is something called “IP spoofing” – does this mean that (under some conditions) IP restriction is not accurate?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Is it safe to restrict access to a site by IP?
I know there is something called “IP spoofing” – does this mean that (under some conditions) IP restriction is not accurate?
If a client forges its source IP address, it will be very difficult to establish a TCP connection, because as @cdhowie noted in a comment below, the client would need to ACK the server’s SYN + ACK back, which it will never receive.
Spoofed IP addresses are mostly dangerous for denial of service attacks, as the attacker would not care about receiving responses to the attack packets, and they would be much more difficult to filter since each spoofed packet appears to come from a different address.