Thursday, September 17, 2015

What Is IP Address Spoofing?


In computer networking, IP address spoofing, or IP spoofing, is the creation of IP packets with a forged source IP address. This is often done to conceal the identity of the sender or to impersonate another computing system.







How is IP spoofing done?


Each IP packet contains a source IP address and a destination IP address in its header. By forging the header, one can change the source IP address so that the packet appears to come from a different IP address. The machine that receives the spoofed IP packets will send its response to the forged source address. Normally, attackers either do not care about the responses to these packets or guess what the responses will be.



Why is IP spoofing done?


Attackers use IP spoofing mainly in denial of service attacks. They send an overwhelming number of IP packets to a machine with forged source addresses and do not care about the responses to those packets. They normally select many different IP addresses as source addresses, which makes the packets difficult to filter out. As a result, the target machine becomes overburdened with network traffic.

IP spoofing is also done by network intruders to defeat network security measures. Sometimes, machines internal to a network trust each other without authentication. In this sort of scenario, the attacker can spoof a connection from a trusted machine and access the target machine without authentication.



How to defend against IP spoofing attacks?


Packet filtering is one way of defending against IP spoofing attacks. The gateway should block all packets that come from outside the network but have a source address internal to the network.
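The gateway rule described above, as an added example that is not part of the original article: it reads the source address from an IPv4 header and drops a packet that arrives from outside while claiming an internal source. The internal prefixes, the interface labels and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumed internal address space of the protected network (hypothetical).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]


def sample_header(src, dst):
    """Build a minimal 20-byte IPv4 header as constructed test data (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def parse_addresses(header):
    """Return (source, destination) from the fixed part of an IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    src, dst = struct.unpack("!4s4s", header[12:20])
    return ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def gateway_verdict(interface, header):
    """Rule from the text: arrived from outside + internal source address = drop."""
    src, _dst = parse_addresses(header)
    if interface == "external" and is_internal(src):
        return "drop"
    return "accept"


# Constructed sample traffic: (arrival interface, source, destination)
SAMPLES = [
    ("external", "203.0.113.7", "10.0.0.5"),   # ordinary inbound packet
    ("external", "10.0.0.9", "10.0.0.5"),      # claims an internal source from outside
    ("internal", "10.0.0.9", "198.51.100.2"),  # genuine internal host sending outbound
]


def run_samples():
    return [gateway_verdict(i, sample_header(s, d)) for i, s, d in SAMPLES]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, run_samples()):
        print(sample, "->", verdict)
```

The verdict depends on the arrival interface as well as the address, which is why the third sample, carrying the same source as the second, is accepted.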

Sometimes, upper layer protocols provide their own way of defending against IP spoofing attacks. For example, at the time of establishing a TCP connection, random numbers are sometimes exchanged between the two machines that establish the connection. If the attacker does not receive the response, it won't be possible for him to successfully establish a TCP connection. But due to poor implementations in older operating systems or network devices, attackers can sometimes guess the sequence numbers.


So, this was a short article on IP spoofing, hope you liked it!

To know more about how IP address spoofing is done, you can look at the following link:

