What is IP Spoofing? Types of IP Spoofing
Posted on October 14th, 2016
What is IP Spoofing
Before discussing about IP spoofing, let’s see take a look at IP addresses. An IP address is a unique set of numbers which separated with the full stops which is used to identify each computer using the Internet Protocol to communicate over a network. IP spoofing can be defined as an attacking technique where, the hacker pretends to be someone else is not as a trusted host and conceal his identity to gain access to a network and hijack the browsers. IP spoofing is also called IP address forgery or host file hijack. It is a technique to get unauthorized access to computers (servers) where the attacker sends messages to a computer network with an IP address indicating that the message is coming from another IP host which is a trusted one. At first, the hacker needs to find the IP address of a trusted host and then modify the headers of the packets which are being sent, so that it appears to the computer that the packets are coming from that trusted host. However, modern hardware’s used to establish the network such as routers and firewalls could give protection from IP spoofing. As we’ve seen earlier, this is an attacking technique commonly used by the spammers and scammers to mislead others on the origin of the information they send.
How does IP Spoofing work?
A user accesses the Internet from his/her local computer which has the IP address “192.168.0.5”. When an IP spoofing attack occurs, this address is hidden and the user sends the packets indicating the spoofed IP address “192.168.0.6” which is an authorized IP address. These IP addresses are used to identify each computer in the network. In Internet communication, the data is transferred in the form of packets. ie, the client sends web requests in the form of data packets to the server and the webserver sends back the responses in the form of data packets. When a client sends a packet to the server, the packet will have the IP address of the computer it is coming from. When an IP spoofing attack occurs, this source details that IP address which specifies the sender of the packet is not actual, but a bogus IP address which is permitted to access the website. This will make the server handle the request packet as it is coming from the permitted user. Thus the server grants access to the attacker and it can cause various security threats. This is how the IP spoofing works.
Types of attacks implemented through the IP spoofing
The IP spoofing can further cause various attacks. These attacks can be caused by the IP spoofing.
1) Blind Spoofing
2) Non-Blind Spoofing
3) Denial-of-service attack
4) Man-in-the-middle attack
In this type of attack, the attacker transmits multiple packets to his intended target to receive a series of numbers which are generally used to assemble packets in the order in which they intended to read the packets. ie, in the order of packet 1 to be read first, then packet 2 and then packet 3. In this attack, the hacker is not aware of how the transmissions takes place on this network so he needs to coax the machine into responding to his own requests so that he can analyze the sequence numbers. Now the attacker can inject data into the stream of packets without having authenticated himself when the connection was first established.
In this type of attack, the cracker resides on the same subnet as his intended target so that he is aware of the sequence of the packets. Thus the attack is called the non-blind spoofing.
When a DDoS attack is launched, the IP spoofing is used not to identify the exact machines from where the requests are coming. This makes the DDoS attack more powerful because, it will be difficult to identify the senders and block them.
When two machines are communicating with each other, the attacker intercepts the packets sent by the systems and alters the packets with the sending and receiving machines unaware their communication has been tampered.
If you need any further assistance please contact our support department.