Question
I recieved a report that my cPanel servers are vulnerable to IP spoofing due to a lack of Destination-Side Source Address Validation (DSAV). What can I do to resolve this?
Answer
In December of 2019, Brigham Young University conducted a research experiment that found a lack of Destination-Side Source Address Validation on some networks. A lack of DSAV could allow an attacker to spoof a local IP address and engage in attacks such as DNS cache poisoning. More information can be found here:
https://imaal.byu.edu/#traffic
Please keep in mind that cPanel does not provide networking hardware or software. Our ability to provide support for the configuration of the network that your server resides in is extremely limited.
Questions and concerns regarding networking configuration and support are best directed to your network provider and / or a network administrator with the skills, training, and expertise required to consult on the topic with you.
Although this issue is not related to cPanel or the basic configuration of cPanel, we would like to offer the following information as a courtesy.
DSAV (destination-side source address validation) is the filtering of spoofed incoming traffic at the network border.
You may consider reaching out to your network provider to ask them to implement DSAV for you since this is something to be implemented at the network border.
You may also attempt to configure this within your own server. The following resource explains how you may go about configuring Source Address Verification on Linux:
https://opensource.com/article/18/2/block-local-spoofed-addresses-using-linux-firewall