Firewall Help - All About Firewalls and Computer Security
FirewallHelp.com Home FirewallHelp.com Home All About Firewalls Firewall Reviews Contact Us Firewall Sitemap Laptop Computer with Firewall Symbol
space space
space
 
What is IP Spoofing?

IP spoofing is a process that malicious hackers take advantage of, to cover their tracks during attacks.

The basic idea is to make the victim’s computer think it is being attacked by a completely different computer than the attacker used. Thus, the attacker gets away without problems. It all seems like the perfect plan, but luckily, there are ways to prevent IP spoofing.

Common Applications of IP Spoofing
IP Spoofing is used primarily to enforce a DDOS attack, or direct denial of service. This attack is quite simple - the attacker may use several computers to constantly send data to the victim’s computer. If enough data can be sent at once, and without end, the victim’s computer will become overloaded and will fail. This technique has also been employed in attacking websites, where this attack is much more common.

The MITM attack, or The Man in the Middle, also uses IP spoofing. Just like the name implies, this technique will intercept a connection between two computers. Once the connection is intercepted, the attacker can modify, create, or delete information as it is passed between the two sources. This may be a good way for attackers to get confidential information, usually without anyone finding out.

Session hijacking is another common application of IP spoofing. Through this method, an attacker can obtain the session of the victim. This means that any sort of password, username, or other critical information such as credit card numbers can be stolen. A prime example of this is automatic logins. When you go to a website that supports automatic logins, you are actually using a “session”. If this session was hijacked, that website would think it was you, and log the attacker in!

How it Works
The concept of IP spoofing is easy - the attacker just assumes the IP address of another computer, and then continues to attack another computer with their tracks covered. This enables attackers to use their own computer, but essentially hide their own IP address. Since IP addresses can be traced to a location, this practice has become essential in large-scale attacks.

Oddly enough, you have more than likely used IP spoofing. If you have ever used a proxy service, or proxy browser, you have taken advantage of IP spoofing. In this application, the server is masking your IP address. In most cases, this is to get through a firewall that a network has, which may be blocking websites you would like to visit while at school or work.

The applications don’t stop there - spammers love to use IP spoofing too! All the spam you receive in your email is more than likely routed through a proxy, which is IP spoofing the actual location of the spammer. This enables them to get away with sending mass emails to people who don’t want them. If done correctly, they can even appear to be sending an email from someone you know, or a legit company!

Defending Against IP Spoofing
Obviously, no one wants the police knocking on their door asking why you attacked another computer - when you were just a victim of IP spoofing. Victims would also like to counter the measures of spoofing, to see the real IP address of the attacker, and thus taking further action. The question is, how?

Since most IP spoofing attacks will originate in large networks, the majority of the solutions are for such. For instance, routers and switches may be configured to deny traffic from public sources that claim to be from within the network. Certain types of programs can filter ingoing and outgoing traffic - such as a firewall. This is the best solution for home users or small networks. Lastly, enabling encryption on your network’s router will ensure that only trusted hosts are allowed to communicate within the local network.

Closing Comments
IP spoofing generally is much less of a security risk than it was in previous years. Routers and switches now come with anti-spoofing features. Software such as firewalls or anti-spoofing specific applications can be downloaded for further protection. IP spoofing isn’t always a bad thing, however. Without IP spoofing, proxy browsers wouldn’t let workers and students around the globe the right to remain unproductive and entertained. ;)

 
Home | Contact | Sitemap | Disclaimer     ©2006 - 2013
Garden Articles