B4J Question Spoofing of IP address with FTP

JackKirk

Well-Known Member
Licensed User
Longtime User
Hi,

Some time ago I implemented an FTP server in an AWS Windows EC2 instance using:

https://www.b4x.com/android/forum/t...d-with-socket-and-asyncstreams.74320/#content

as a template.

I am now going thru my project bulletproofing everything and have added the ability to beef up the authentication by checking the IP address of the client using:
B4X:
        Dim jo As JavaObject = socket
user.FTPIPaddr = jo.GetFieldJO("socket").RunMethodJO("getInetAddress", Null).RunMethod("getHostAddress", Null)
In the Initialize method of the FTPClient class.

This all works nicely.

Doing some additional googling on "spoofing" and it seems that a miscreant can (to quote Wikipedia):
The basic protocol for sending data over the Internet network and many other computer networks is the Internet Protocol (IP). The protocol specifies that each IP packet must have a header which contains (among other things) the IP address of the sender of the packet. The source IP address is normally the address that the packet was sent from, but the sender's address in the header can be altered, so that to the recipient it appears that the packet came from another source.

The protocol requires the receiving computer to send back a response to the source IP address, so that spoofing is mainly used when the sender can anticipate the network response or does not care about the response.

The source IP address provides only limited information about the sender. It may provide general information on the region, city and town when on the packet was sent. It does not provide information on the identity of the sender or the computer being used.
I think this means they can change the IP address in the header but not the IP address the response is sent to.

If this is so which IP address am I getting with my above code - the one in the header or the one the response is sent to?

Thanks for any enlightenment...
 

OliverA

Expert
Licensed User
Longtime User
I think this means they can change the IP address in the header but not the IP address the response is sent to.

If this is so which IP address am I getting with my above code - the one in the header or the one the response is sent to?

Thanks for any enlightenment...
There is one source IP in the header. There is not a “spoofed” one and a normal source IP. Therefore, you will always get the spoofed IP. It’s meaningless to spoof the destination address, since that’s where the packet is going.
 
Upvote 0

JackKirk

Well-Known Member
Licensed User
Longtime User
OliverA,

Thanks for your response.

Does anyone know of anyway to detect if the IP address is spoofed?
 
Upvote 0
Top