On 2017-01-25, C. L. Martinez <carlopm...@gmail.com> wrote:
> Hi all,
>
> I have received a (maybe) "stupid" request from one of our customers.
> We have a pair of public OpenBSD firewalls (CARPed) that our development
> team use to access several customers via VPN IPsec tunnels. But this
> morning we have received a request from one of these customers to access
> our development servers using only one ACL to permit their public IP
> address (without using VPN IPsec or VPN SSL tunnels).
>
> And my (OT) question: how easy is it to do a MITM attack (DNS spoofing,
> for example, or another type of attack that permits faking the source
> public IP address) in this scenario?
For an attacker with no access to the endpoints or the network in between:

- For many protocols, including UDP, it is absolutely trivial to send traffic from a fake source address.
- With TCP it depends on various things, but sometimes you can predict enough of the IP stack behaviour to spoof blindly and send data. reassemble tcp + random-id can help.

If an attacker can MITM (e.g. by getting $client to send to their machine instead of yours directly), they can obviously log or modify packets before forwarding them on to the real server. It depends what you're running over it as to whether this is a problem.
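As an added illustration (not code from either poster in this thread), the pf.conf fragment below shows how the "one ACL" the customer asked for would look on an OpenBSD firewall together with the hardening the reply mentions (reassemble tcp and random-id) and the other pf options that address blind spoofing. The interface name, the customer's public IP and the development server addresses are constructed placeholders from the RFC 5737 documentation ranges; the rule syntax follows OpenBSD pf.conf(5).

```pf
# Added example, not from the thread. Addresses and interface are placeholders.
ext_if      = "em0"
customer_ip = "203.0.113.10"                 # public IP named in the request
dev_servers = "{ 192.0.2.20, 192.0.2.21 }"   # development hosts behind the firewall

# Drop packets arriving on the outside interface that claim one of our own
# network addresses as source (the simplest spoof against an address ACL).
antispoof quick for $ext_if

# Normalisation from the reply: randomise the IP ID field and statefully
# reassemble TCP so out-of-window or otherwise anomalous segments are dropped
# instead of being passed to the server.
match in on $ext_if scrub (no-df random-id reassemble tcp)

# Default deny on the outside; log so spoofed or unexpected sources show up.
block in log on $ext_if

# The single ACL. Only a bare SYN may create state, and "modulate state"
# rewrites the initial sequence number with a strong random value, which is
# what makes blind TCP injection from a forged source address hard.
pass in on $ext_if proto tcp from $customer_ip to $dev_servers \
    port { 22, 443 } flags S/SA modulate state

# Anything UDP from that address would still match only a source IP, which
# the first bullet above shows is trivially forged; it is deliberately not
# opened here.
```

Check the syntax before loading it with `pfctl -nf /etc/pf.conf`. What this rule set does not give you is the confidentiality and peer authentication the IPsec tunnel was providing: an address-based ACL proves nothing about who is at the other end of the path, and the MITM case in the reply (traffic redirected through a third party before reaching you) is unaffected by any of these options, so the protocol carried over the ACL'd port still has to authenticate and encrypt on its own.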