Criminals have long employed the tactic of masking their true identity, from disguises to aliases to caller-id blocking.
It should come as no surprise then, that criminals who conduct their nefarious activities on networks and computers should employ such techniques. IP spoofing is one of the most common forms of on-line camouflage.
In IP spoofing, an attacker gains unauthorized access to computer or a network by making it appear that a malicious message has come from a trusted machine by “spoofing” the IP address of that machine.
In the subsequent pages of this report, we will examine the concepts of IP spoofing: why it is possible, how it works, what it is used for and how to defend against it.
What is IP Spoofing
An IP (Internet Protocol) address is the address that reveals the identity of your Internet service provider and your personal Internet connection. The address can be viewed during Internet browsing and in all of your correspondences that you send.
IP spoofing hides your IP address by creating IP packets that contain bogus IP addresses in an effort to impersonate other connections and hide your identity when you send information. IP spoofing is a common method that is used by spammers and scammers to mislead others on the origin of the information they send.
How IP Spoofing Works
The Internet Protocol or IP is used for sending and receiving data over the Internet and computers that are connected to a network. Each packet of information that is sent is identified by the IP address which reveals the source of the information.
When IP spoofing is used the information that is revealed on the source of the data is not the real source of the information. Instead the source contains a bogus IP address that makes the information packet look like it was sent by the person with that IP address. If you try to respond to the information, it will be sent to a bogus IP address unless the hacker decides to redirect the information to a real IP address.
Why IP Spoofing is Used
IP spoofing is used to commit criminal activity online and to breach network security. Hackers use IP spoofing so they do not get caught spamming and to perpetrate denial of service attacks. These are attacks that involve massive amounts of information being sent to computers over a network in an effort to crash the entire network. The hacker does not get caught because the origin of the messages cannot be determined due to the bogus IP address.
IP spoofing is also used by hackers to breach network security measures by using a bogus IP address that mirrors one of the addresses on the network. This eliminates the need for the hacker to provide a user name and password to log onto the network.
Applications of IP spoofing
Many other attacks rely on IP spoofing mechanism to launch an attack, for example SMURF attack (also known as ICMP flooding) is when an intruder sends a large number of ICMP echo requests (pings) to the broadcast address of the reflector subnet.
The source addresses of these packets are spoofed to be the address of the target victim. For each packet sent by the attacker, hosts on the reflector subnet respond to the target victim, thereby flooding the victim network and causing congestion that results in a denial of service (DoS).
Therefore, it is essential best practice to implement anti spoofing mechanisms to prevent
IP spoofing wherever feasible.
Anti spoofing control measures should be implemented at every point in the network where practical, but they are usually most effective at the borders among large address blocks or among domains of network administration.
Spoofing Attacks
There are a few variations on the types of attacks that successfully employ IP spoofing. Although some are relatively dated, others are very pertinent to current security concerns.
ip-spoofing-8857-iXEOINO.pptx (79 KB)
ip-spoofing-8857-czczgwT.docx (86 KB)