Computerworld - The term "spoofing" is generally regarded as slang, but refers to the act of fooling -- that is, presenting a false truth in a credible way. There are several different types of spoofing that occur, but most relevant to networking is the IP spoof. Most types of spoofing have a common theme: a nefarious user transmits packets with an IP address, indicating that the packets are originating from another trusted machine.
The first step in spoofing is determining the IP address of a host the intended target trusts. After that, the attacker can change the headers of packets to make it seem like the transmissions are originating from the trusted machine.
What sorts of attacks are launched through IP spoofing? To name a few:
- Blind spoofing: In this type of attack, a cracker outside the perimeter of the local network transmits multiple packets to his intended target to receive a series of sequence numbers, which are generally used to assemble packets in the order in which they were intended -- Packet 1 is to be read first, then Packet 2, 3 and so on.
The cracker is blind to how transmissions take place on this network, so he needs to coax the machine into responding to his own requests so he can analyze the sequence numbers.
By taking advantage of knowing the sequence number, the cracker can falsify his identity by injecting data into the stream of packets without having to have authenticated himself when the connection was first established. (Generally, current operating systems employ random sequence number generation, so it's more difficult for crackers to predict the correct sequence number.)
- Nonblind spoofing: In this type of attack, the cracker resides on the same subnet as his intended target, so by sniffing the wire for existing transmissions, he can understand an entire sequence/acknowledge cycle between his target and other hosts (hence the cracker isn't "blind" to the sequence numbers).
Once the sequence is known, the attacker can hijack sessions that have already been built by disguising himself as another machine, bypassing any sort of authentication that was previously conducted on that connection.
- Denial-of-service attack: To keep a large-scale attack on a machine or group of machines from being detected, spoofing is often used by the malefactors responsible for the event to disguise the source of the attacks and make it difficult to shut it off.
Spoofing takes on a whole new level of severity when multiple hosts are sending constant streams of packet to the DoS target. In that case, all the transmissions are generally spoofed, making it very difficult to track down the sources of the storm.
- Man-in-the-middle attack: Imagine two hosts participating in normal transmissions between each other. In a man-in-the-middle attack, a malicious machine intercepts the packets sent between these machines, alters the packets and then sends them on to the intended destination, with the originating and receiving machines unaware their communications have been tampered with; this is where the spoofing element enters the equation.
Typically, this type of attack is used to get targets to reveal secure information and continue such transmissions for a period of time, all the while unaware that the machine in the middle of the transmission is eavesdropping the whole time.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Architecting the Network of the Future Networks need to change, as does the way IT thinks about and manages them. In addition to reliability, IT must now add higher...
- BlackBeard Case Study In this case study, learn how a business with 95% of revenues generated online was hit by DDoS attacks over a 6-month period,...
- Four Ways DNS Can Accelerate Business Growth This e-book describes how DNS has developed over the years to support business growth as new needs have emerged, for example, advanced traffic...
- Gartner 2013 Magic Quadrant for Enterprise Backup/Recovery Software See why CommVault was positioned as the #1 leader in Gartner's 2013 Magic Quadrant for Enterprise Backup/Recovery software for the 3rd year in...
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them.
On-Demand Webcast: 7 Reasons to Choose VoIP
Thinking about a new phone system for your business?
Be sure to watch this informative webcast. Steve Strauss, small business columnist for USA...
All Network Security White Papers |