
I am using AWS security group inbound rules to give private resources HTTP access to an EC2 instance only, but public SSH access from my IP address only.

For this, the instance requires a public IP address.

I know that IP spoofing is quite easy to do, but harder to make work with SSL handshakes.

My question is: could an attacker spoof private IPs from the typical AWS CIDRs 10.0.x.y and send HTTP requests to my EC2 instance?

The purpose of this question is to better understand the security guarantees of AWS security groups.

Matias Haeussler
    Are you worried about traffic coming from the Internet to your instance? Traffic cannot be directed from the Internet to the private IP addresses. Spoofing is about faking the _source_ IP address. So, they could spoof your own IP address to get through the Security Group to use SSH, but the return traffic would be sent to the "real" IP address, so they wouldn't see the response. Since SSH requires negotiation in both directions, the connection would not be established. – John Rotenstein Oct 01 '20 at 22:40
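The reasoning in the comment above, as an added example that is not part of the original question or comment: a toy model of a security group in front of a TCP/HTTP server. Everything in it is constructed (the rule set, the addresses, which use RFC 5737 documentation ranges for the public ones, and the sequence numbers), and it models only the two facts the thread relies on: a security group matches the source address the packet claims, and the network delivers replies by destination address. Real TCP and real AWS differ in many details that do not affect this point.

```python
"""Toy model: spoofed 10.0.x.y source vs. a security group and a TCP handshake.

Added example, not code from the original post or from AWS. All addresses,
rules and sequence numbers are constructed for illustration.
"""
import ipaddress
import random
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    flags: str            # "SYN", "SYN-ACK", "ACK" or "PSH-ACK"
    seq: int = 0
    ack: int = 0
    payload: bytes = b""


# Constructed inbound rules: HTTP only from the VPC CIDR, SSH only from the
# admin's own public /32 (hypothetical addresses).
SG_INBOUND = [
    (ipaddress.ip_network("10.0.0.0/16"), 80),
    (ipaddress.ip_network("203.0.113.7/32"), 22),
]


def sg_allows(pkt: Packet) -> bool:
    """A security group can only look at the source address the packet carries."""
    src = ipaddress.ip_address(pkt.src)
    return any(src in net and pkt.dport == port for net, port in SG_INBOUND)


class Network:
    """Delivers each packet to whichever host owns its destination address."""
    def __init__(self):
        self.hosts = {}

    def send(self, pkt: Packet):
        if pkt.dst in self.hosts:
            self.hosts[pkt.dst].inbox.append(pkt)
        # No host owns the address: the packet is silently dropped.


class Host:
    def __init__(self, ip: str, net: Network):
        self.ip, self.net, self.inbox = ip, net, []
        net.hosts[ip] = self


class Server(Host):
    """Minimal TCP state: SYN -> SYN-ACK; ACK carrying ISN+1 -> established."""
    def __init__(self, ip: str, net: Network):
        super().__init__(ip, net)
        self.half_open = {}       # client ip -> server ISN
        self.established = set()
        self.requests = []        # HTTP payloads that actually arrived

    def process(self):
        for p in self.inbox:
            if not sg_allows(p):
                continue
            if p.flags == "SYN":
                isn = random.getrandbits(32)
                self.half_open[p.src] = isn
                self.net.send(Packet(self.ip, p.src, 0, "SYN-ACK", seq=isn, ack=p.seq + 1))
            elif p.flags == "ACK" and p.src in self.half_open:
                if p.ack == (self.half_open[p.src] + 1) & 0xFFFFFFFF:
                    self.established.add(p.src)
            elif p.flags == "PSH-ACK" and p.src in self.established:
                self.requests.append(p.payload)
        self.inbox.clear()


GET = b"GET / HTTP/1.1\r\nHost: app\r\n\r\n"   # constructed request


def legit_client(ip: str = "10.0.1.5"):
    """A real VPC host completes the handshake because it receives the SYN-ACK."""
    net = Network()
    srv, cli = Server("10.0.0.10", net), Host(ip, net)
    net.send(Packet(ip, srv.ip, 80, "SYN", seq=5000))
    srv.process()
    synack = next(p for p in cli.inbox if p.flags == "SYN-ACK")
    net.send(Packet(ip, srv.ip, 80, "ACK", seq=5001, ack=synack.seq + 1))
    net.send(Packet(ip, srv.ip, 80, "PSH-ACK", seq=5001, ack=synack.seq + 1, payload=GET))
    srv.process()
    return ip in srv.established, len(srv.requests)


def spoofing_attacker(real_ip: str = "198.51.100.9", spoofed_ip: str = "10.0.1.5"):
    """Internet host forging a 10.0.x.y source: the SG accepts the SYN, but the
    SYN-ACK is routed to 10.0.1.5, so the attacker has to guess the server ISN."""
    net = Network()
    srv, atk = Server("10.0.0.10", net), Host(real_ip, net)
    net.send(Packet(spoofed_ip, srv.ip, 80, "SYN", seq=7000))
    srv.process()
    saw_synack = any(p.flags == "SYN-ACK" for p in atk.inbox)
    guess = random.getrandbits(32)          # blind guess: 2^-32 per attempt
    net.send(Packet(spoofed_ip, srv.ip, 80, "ACK", seq=7001, ack=guess))
    net.send(Packet(spoofed_ip, srv.ip, 80, "PSH-ACK", seq=7001, ack=guess, payload=GET))
    srv.process()
    return saw_synack, spoofed_ip in srv.established, len(srv.requests)
```

Running `legit_client()` gives `(True, 1)`: the handshake completes and the request is delivered. `spoofing_attacker()` gives `(False, False, 0)`: the security group did let the forged SYN through, which is the part the question worries about, but the attacker never sees the SYN-ACK, cannot produce the correct ACK, and so never gets to send an HTTP request. The security group is not what stops the attack; the routing of the return path is. The model assumes a server that picks its initial sequence number unpredictably, which is the caveat a practitioner should check: a guessable ISN is exactly what makes blind spoofing feasible.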

1 Answer


Your IP would probably be statically locked to your unchangeable MAC, so packets with the wrong address will be filtered out somewhere. This would be easy to do in the software network bridge(s).