Ip Address Spoofing - Wikipedia.pdf

  • Uploaded by: Anju Vijayan
  • 0
  • 0
  • June 2020
  • PDF

This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA


Overview

Download & View Ip Address Spoofing - Wikipedia.pdf as PDF for free.

More details

  • Words: 996
  • Pages: 14
IP address spoofing This article needs additional citations for verification.

Learn more

example scenario of IP address spoofing

In computer networking, IP address spoofing or IP spoofing is the creation of

Internet Protocol (IP) packets with a false source IP address, for the purpose of impersonating another computing system.[1]

Background The basic protocol for sending data over the Internet network and many other computer networks is the Internet Protocol (IP). The protocol specifies that each IP packet must have a header which contains (among other things) the IP address of the sender of the packet. The source IP address is normally the address that the packet was sent from, but the sender's

address in the header can be altered, so that to the recipient it appears that the packet came from another source. The protocol requires the receiving computer to send back a response to the source IP address, so that spoofing is mainly used when the sender can anticipate the network response or does not care about the response. The source IP address provides only limited information about the sender. It may provide general information on the region, city and town when on the packet was sent. It does not provide information

on the identity of the sender or the computer being used.

Applications IP address spoofing involving the use of a trusted IP address can be used by network intruders to overcome network security measures, such as authentication based on IP addresses. This type of attack is most effective where trust relationships exist between machines. For example, it is common on some corporate networks to have internal systems trust each other, so that users can log in without a username or password provided they are connecting

from another machine on the internal network (and so must already be logged in). By spoofing a connection from a trusted machine, an attacker on the same network may be able to access the target machine without authentication. IP address spoofing is most frequently used in denial-of-service attacks, where the objective is to flood the target with an overwhelming volume of traffic, and the attacker does not care about receiving responses to the attack packets. Packets with spoofed IP addresses are more difficult to filter since each spoofed packet appears to come from a different address,

and they hide the true source of the attack. Denial of service attacks that use spoofing typically randomly choose addresses from the entire IP address space, though more sophisticated spoofing mechanisms might avoid unroutable addresses or unused portions of the IP address space. The proliferation of large botnets makes spoofing less important in denial of service attacks, but attackers typically have spoofing available as a tool, if they want to use it, so defenses against denialof-service attacks that rely on the validity of the source IP address in attack packets might have trouble with spoofed packets. Backscatter, a technique used to observe

denial-of-service attack activity in the Internet, relies on attackers' use of IP spoofing for its effectiveness.

Legitimate uses The use of packets with a false source IP address is not always evidence of malicious intent. For example, in performance testing of websites, hundreds or even thousands of "vusers" (virtual users) may be created, each executing a test script against the website under test, in order to simulate what will happen when the system goes "live" and a large number of users log on at once.

Since each user will normally have its own IP address, commercial testing products (such as HP LoadRunner, WebLOAD, and others) can use IP spoofing, allowing each user its own "return address" as well.

Services vulnerable to IP spoofing This section does not cite any sources. Learn more

Configuration and services that are vulnerable to IP spoofing: RPC (Remote procedure call services)

Any service that uses IP address authentication The X Window System The R services suite (rlogin, rsh, etc.)

Defense against spoofing attacks Packet filtering is one defense against IP spoofing attacks. The gateway to a network usually performs ingress filtering, which is blocking of packets from outside the network with a source address inside the network. This prevents an outside attacker spoofing the address of an internal machine. Ideally the gateway would also perform egress filtering on

outgoing packets, which is blocking of packets from inside the network with a source address that is not inside. This prevents an attacker within the network performing filtering from launching IP spoofing attacks against external machines. It is also recommended to design network protocols and services so that they do not rely on the source IP address for authentication.

Upper layers Some upper layer protocols provide their own defense against IP spoofing attacks.

For example, Transmission Control Protocol (TCP) uses sequence numbers negotiated with the remote machine to ensure that arriving packets are part of an established connection. Since the attacker normally cannot see any reply packets, the sequence number must be guessed in order to hijack the connection. The poor implementation in many older operating systems and network devices, however, means that TCP sequence numbers can be predicted.

Other definitions

The term spoofing is also sometimes used to refer to header forgery, the insertion of false or misleading information in e-mail or netnews headers. Falsified headers are used to mislead the recipient, or network applications, as to the origin of a message. This is a common technique of spammers and sporgers, who wish to conceal the origin of their messages to avoid being tracked.

See also Egress filtering Ingress filtering Network address translation

Reverse path forwarding RFC 1948 , Defending Against Sequence Number Attacks, May 1996 Router (includes a list of manufacturers) Spoofed URL MAC Spoofing

References 1. Tanase, Matthew (March 10, 2003). "IP Spoofing: An Introduction" . Symantec. Retrieved September 25, 2015.

External links ANA Spoofer Project: State of IP Spoofing and Client Test

Retrieved from "https://en.wikipedia.org/w/index.php? title=IP_address_spoofing&oldid=882255547"

Last edited 2 months ago by Qzd Content is available under CC BY-SA 3.0 unless otherwise noted.

Related Documents

Ip Spoofing
July 2020 7
Ip Address
October 2019 36
Ip Address
June 2020 25
Ip Address
June 2020 25
Ip Address
December 2019 31

More Documents from ""