Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Possibility of a whitelisted (Internet) IP address being spoofed

Posted on 2016-07-29
4
Medium Priority
?
161 Views
Last Modified: 2016-08-01
Currently we don't permit Tcp25 from public Internet to our Exchange server:
all emails go to our internet-facing ProofPoint , then only ProofPoint forward
it our Exchange 2010 server

We plan to permit Tcp 25 direct into our local Exchange 2010 server from an
IP address ie whitelist this public IP address which is our HQ's ProofPoint IP:

a) if it's only a firewall rule that permit our HQ's ProofPoint IP to come in to
    our Exchange server, I guess this IP can be spoofed.  What if this IP is also
    whitelisted, can it be spoofed as well?  I read only Udp can be spoofed or
    is this mistaken?

b) is there any risk of MITM attack for this forwarding ?  The forwarded emails
     are not encrypted
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 19

Accepted Solution

by:
Mal Osborne earned 1000 total points
ID: 41734298
A) Probably not. A device spoofing your IP address would somehow need to be able to the routed from and too.

B) In theory, anyone who can get to see your traffic could implement a "Man in the middle" attack, unless encryption is used. Unencrypted email is not very secure.
0
 
LVL 97

Assisted Solution

by:John Hurst
John Hurst earned 1000 total points
ID: 41734560
We plan to permit TCP 25 direct

At a client, my own consulting machine has a DHCP reservation and then that IP address is allowed in the Juniper firewall so that I may send out email separately from their email system.

I do not think you are at excessive risk for doing this. My machine does not compromise the client network.
0
 

Author Comment

by:sunhux
ID: 41734739
https://community.mimecast.com/docs/DOC-1419

Refer to above link: there are indications in the link that allude to IP addr spoofing:

Create an Anti-Spoofing Policy to Allow "Spoofing Based on IP"

5.Enter the list of hostnames to apply the bypass to in the Hostnames box. Confirmation is issued
   that the "IP address used by the sending server matches the hostname specified"
   ie for the protection to be effective, it needs both IP address plus hostname to match
0
 
LVL 97

Assisted Solution

by:John Hurst
John Hurst earned 1000 total points
ID: 41735147
I looked quickly and will look again when I have time. If your firewall is otherwise properly locked down, open a port for one IP address only (not everyone) is not likely to cause harm.
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question