IP SPOOFING

IP spoofing is one of the most common attack techniques. In computer systems and networking, the same skills and tools that a hacker can use to secure and defend a network can also be used to attack servers and harm users in various ways. IP spoofing works a bit differently from other types of spoofing attack. This article presents the various types of IP spoofing and then discusses the available mitigation measures.

Defining IP Spoofing in detail

IP spoofing is also known as IP address forgery or host file hijack. IP spoofing is the creation of Internet Protocol packets with a false source IP address, for the purpose of impersonating another computer system [1]. Here, spoofing generally means fooling, and a packet is the unit of data that carries information such as the source address and the destination address. So, IP spoofing can be defined as the process of replacing the real source IP address in IP packets with a fake one in order to hide the true identity of the sender. Normally, the source address is the address of the computer that the packet was sent from. By changing this address, an attacker can make it appear that the packet was sent by a different computer system.

How does IP Spoofing work?

Before looking at how IP address forgery works, we should understand how Internet communication works.

Working of Internet Communication

On the Internet, data is transferred in the form of packets: the client sends a web request to the server as data packets, and each packet carries the IP address of the computer it is coming from. To open a connection, the client first sends a packet carrying a SYN (synchronization) signal. In return, the server responds with a SYN/ACK signal. Finally, the client sends an ACK (acknowledgment) signal to the server. At this point the connection between the client and the server is established and communication between them takes place (as shown in the figure below).

[Figure: IP Spoofing]

Working of IP Address Forgery

In the case of IP address forgery, communication takes place a bit differently. As mentioned above, the server only starts communicating after it receives the ACK signal. As soon as the server sends its SYN/ACK, the attacker sends an ACK to the server carrying the same source and destination IP addresses as the legitimate request. The server then takes the attacker to be the same user who sent the original request, and the connection is built with the attacker.

Although the SYN/ACK signal was sent to the user, the communication continues between the server and the attacker, so in the end the server talks to the attacker instead of the user. The attacker achieves this by changing his own source address to the source address of the user. For instance, suppose the user has source address 1.2.3.4 and the destination address of the server is 5.5.5.5. Meanwhile, the attacker changes his/her own source address, 9.8.7.6, to 1.2.3.4. Before the user sends the ACK signal, the attacker sends an ACK to the server with source address 1.2.3.4, hiding the original source address; the server trusts the attacker as the legitimate user and starts communicating with him, as shown in the figure below.
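To make the handshake and the forged-ACK scenario above concrete, here is a small added example (not code from the article) that models the exchange in Python without sending anything on the network. The Packet and Server names and the run_handshake helper are our own choices; the addresses are the ones used above. The server picks a random 32-bit initial sequence number (ISN) and, as a real TCP stack does, completes the connection only if the ACK acknowledges ISN + 1. A sender using an address that is not its own never receives the SYN/ACK, so its ACK number can only be guessed, and the second call shows that such an ACK is dropped.

```python
import secrets
from dataclasses import dataclass

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


@dataclass
class Packet:
    """A simplified TCP/IP packet; only the fields the handshake needs."""
    src: str      # source IP address, the field a spoofer forges
    dst: str      # destination IP address
    flags: str    # "SYN", "SYN-ACK" or "ACK"
    seq: int      # sequence number
    ack: int = 0  # acknowledgment number


class Server:
    """Server side of the three-way handshake (hypothetical model)."""

    def __init__(self, ip):
        self.ip = ip
        self.half_open = {}       # client ip -> ISN we chose for that client
        self.established = set()  # clients whose handshake completed

    def on_syn(self, pkt):
        """Answer a SYN with a SYN/ACK carrying a fresh random ISN."""
        isn = secrets.randbelow(MOD)
        self.half_open[pkt.src] = isn
        return Packet(self.ip, pkt.src, "SYN-ACK", seq=isn, ack=(pkt.seq + 1) % MOD)

    def on_ack(self, pkt):
        """Complete the handshake only if the ACK acknowledges exactly ISN + 1.
        An ACK from an unknown source, or with the wrong number, is dropped."""
        isn = self.half_open.get(pkt.src)
        if isn is None or pkt.ack != (isn + 1) % MOD:
            return False
        del self.half_open[pkt.src]
        self.established.add(pkt.src)
        return True


def run_handshake(server, client_ip, saw_synack=True):
    """Drive one handshake from client_ip and report whether it completed.

    With saw_synack=False the final ACK is built without knowledge of the
    SYN/ACK: the server's reply went to the real owner of client_ip, so the
    acknowledgment number can only be guessed (1 chance in 2**32)."""
    syn = Packet(client_ip, server.ip, "SYN", seq=secrets.randbelow(MOD))
    synack = server.on_syn(syn)
    if saw_synack:
        ack_num = (synack.seq + 1) % MOD
    else:
        ack_num = secrets.randbelow(MOD)  # blind guess
    ack = Packet(client_ip, server.ip, "ACK", seq=(syn.seq + 1) % MOD, ack=ack_num)
    return server.on_ack(ack)


if __name__ == "__main__":
    srv = Server("5.5.5.5")  # addresses from the article
    print("user 1.2.3.4 saw the SYN/ACK:", run_handshake(srv, "1.2.3.4"))
    print("ACK for 1.2.3.4 without the SYN/ACK:", run_handshake(srv, "1.2.3.4", saw_synack=False))
```

The point of the model is the acknowledgment check in on_ack: with a predictable ISN a forged ACK would be accepted, which is why modern stacks randomize it.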

Types of IP Spoofing

There are mainly four types of host file hijack. They are non-blind spoofing, blind spoofing, man-in-the-middle attack and DoS attack.

Non-blind spoofing

Non-blind spoofing attacks work on networks where the attacker and the victim are on the same subnet. In this situation, the attacker can sniff the network packets to learn the sequence numbers and any credentials being sent in them. One of the biggest threats from this kind of spoofing is session hijacking: the attacker corrupts the data stream of an established connection with a valid user and then re-establishes the connection, with the correct sequence numbers and credentials, from the attacking machine.

Blind Spoofing

In blind spoofing, the sequence and acknowledgment numbers cannot be sniffed, so it is more difficult than non-blind spoofing. Attackers instead send several packets to the target machine in an attempt to work out the correct sequence and acknowledgment numbers. After sending several packets there is some possibility of obtaining the right values, but this attack has a lower chance of success.

Man-in-the-Middle Attack

In a man-in-the-middle attack, an attacker intercepts a legitimate communication between server and user and then controls the flow of data. He can alter the information being exchanged between server and user without the knowledge of either the original sender or the recipient.

DOS Attack

This is one of the attacks that is most difficult to defend against. Here the attacker tries to consume the bandwidth and resources of a server. In this attack, the attacker only wishes to flood the victim's machine with as many packets as possible in a short amount of time in order to make the victim's machine inaccessible to valid users [2]. The attacker uses random source IP addresses on these packets to make tracing and stopping the DoS as difficult as possible.
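The random source addresses described above leave a recognisable trace on the server side: many half-open connections, almost all from addresses that appear only once. The following added example (our own code, not from the article) parses a constructed connection log in a made-up "second flags src -> dst" format, counts SYNs per destination that were never followed by an ACK from the same source, and flags destinations where the pending sources are nearly all distinct. The thresholds and the log format are assumptions; 5.5.5.5 and 1.2.3.4 are the article's addresses and the rest come from the RFC 5737 documentation ranges.

```python
import re
from collections import defaultdict

# Constructed sample of a connection log (not real traffic).
# Format: "<second> <flags> <src> -> <dst>"; the server's own SYN/ACK
# replies are not logged, only what arrives at the server.
SAMPLE_LOG = """\
1 SYN 1.2.3.4 -> 5.5.5.5
1 ACK 1.2.3.4 -> 5.5.5.5
2 SYN 198.51.100.7 -> 192.0.2.20
2 ACK 198.51.100.7 -> 192.0.2.20
3 SYN 203.0.113.11 -> 5.5.5.5
3 SYN 203.0.113.52 -> 5.5.5.5
3 SYN 198.51.100.200 -> 5.5.5.5
3 SYN 203.0.113.9 -> 5.5.5.5
3 SYN 192.0.2.77 -> 5.5.5.5
3 SYN 203.0.113.130 -> 5.5.5.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+) (?P<flags>SYN-ACK|SYN|ACK) (?P<src>[\d.]+) -> (?P<dst>[\d.]+)$"
)


def parse_log(text):
    """Yield (timestamp, flags, src, dst) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m["ts"]), m["flags"], m["src"], m["dst"]


def half_open_report(events):
    """Per destination, count SYNs whose source never completed with an ACK."""
    syn_srcs = defaultdict(list)  # dst -> every source that sent a SYN
    ack_srcs = defaultdict(set)   # dst -> sources that later sent an ACK
    for _, flags, src, dst in events:
        if flags == "SYN":
            syn_srcs[dst].append(src)
        elif flags == "ACK":
            ack_srcs[dst].add(src)
    report = {}
    for dst, srcs in syn_srcs.items():
        pending = [s for s in srcs if s not in ack_srcs[dst]]
        report[dst] = {
            "syns": len(srcs),
            "half_open": len(pending),
            "distinct_half_open_srcs": len(set(pending)),
        }
    return report


def flag_syn_floods(report, min_half_open=5, min_unique_ratio=0.9):
    """Flag destinations with many half-open connections where almost every
    one came from a different source, the signature of forged random sources.
    A single broken client shows one source repeated, not many distinct ones."""
    flagged = []
    for dst, r in report.items():
        if r["half_open"] < min_half_open:
            continue
        if r["distinct_half_open_srcs"] / r["half_open"] >= min_unique_ratio:
            flagged.append(dst)
    return sorted(flagged)


def analyze(text):
    """Parse a log and return (per-destination report, flagged destinations)."""
    report = half_open_report(parse_log(text))
    return report, flag_syn_floods(report)


if __name__ == "__main__":
    report, flagged = analyze(SAMPLE_LOG)
    for dst, r in report.items():
        print(dst, r)
    print("possible SYN flood with spoofed sources:", flagged)
```

On the sample, 5.5.5.5 ends up with six half-open connections from six different sources and is flagged, while 192.0.2.20, which only saw completed handshakes, is not. In production the same counting would be done per time window rather than over the whole log.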

Mitigation Measures for IP Spoofing

Addressing this problem involves many measures, such as filtering, access control lists, configuring routers and switches, avoiding trust relationships, using spoofing detection software, using cryptographic network protocols, and more.

A very common defense against IP address forgery is filtering. This is a form of packet filtering, usually implemented on a network edge device, which inspects incoming IP packets and looks at their source address header. If the source address does not match the packet's origin, or otherwise looks suspicious, the packet is rejected so that only packets with legitimate source addresses are allowed through. The same check applied to outgoing packets prevents someone within the network from launching an outbound attack using IP address forgery.

Furthermore, you can configure your routers and switches, if they support such configuration, to reject packets originating from outside your local network that claim to come from within it. In addition, enabling encrypted sessions on your router lets trusted hosts outside your network communicate securely with your local hosts.
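The two filtering rules from the last two paragraphs can be written down precisely. The following added example (our own code, not from the article or any vendor) implements them as a small edge filter: inbound packets are dropped when their source claims to be inside our prefix or lies in a non-routable range, and outbound packets are dropped when their source is not one of our own addresses (egress filtering in the sense of BCP 38). The site prefix 192.0.2.0/24 and the sample packets are constructed; 1.2.3.4, 9.8.7.6 and 5.5.5.5 are the article's example addresses, so the last sample packet is exactly the forged-source case described earlier, seen from the edge of the attacker's own network.

```python
import ipaddress

# Constructed example site: the prefix assigned to our network (an RFC 5737
# documentation range standing in for a real allocation).
OUR_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]

# Source ranges that should never arrive from the Internet: "this network",
# RFC 1918 private space, loopback and link-local.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
)]


def _in_any(ip, nets):
    return any(ip in net for net in nets)


def filter_packet(direction, src, dst):
    """Decide whether an IP packet passes the edge filter.

    direction: "in"  = arriving from the Internet on the external interface
               "out" = leaving our network toward the Internet
    Returns (allowed, reason)."""
    src_ip = ipaddress.ip_address(src)
    if direction == "in":
        # Ingress: a packet from outside can never legitimately carry one of
        # our own addresses, nor a non-routable one, as its source.
        if _in_any(src_ip, OUR_PREFIXES):
            return False, "inbound packet claims an internal source address"
        if _in_any(src_ip, NON_ROUTABLE):
            return False, "inbound packet with non-routable source address"
        return True, "ok"
    if direction == "out":
        # Egress (BCP 38): only packets sourced from our prefix may leave, so
        # a host inside cannot send traffic under somebody else's address.
        if not _in_any(src_ip, OUR_PREFIXES):
            return False, "outbound packet with source outside our prefix"
        return True, "ok"
    raise ValueError(f"unknown direction {direction!r}")


def apply_filter(packets):
    """Run (direction, src, dst) tuples through the filter; return verdicts."""
    return [(d, s, t) + filter_packet(d, s, t) for d, s, t in packets]


# Constructed test traffic; 203.0.113.0/24 plays the role of the wider Internet.
SAMPLE_PACKETS = [
    ("in",  "203.0.113.5", "192.0.2.10"),   # ordinary Internet client
    ("in",  "192.0.2.5",   "192.0.2.10"),   # outside packet claiming to be us
    ("in",  "10.1.1.1",    "192.0.2.10"),   # private source from the Internet
    ("out", "192.0.2.5",   "203.0.113.9"),  # our host, our address
    ("out", "1.2.3.4",     "5.5.5.5"),      # inside host writing 1.2.3.4 as source
]

if __name__ == "__main__":
    for direction, src, dst, allowed, reason in apply_filter(SAMPLE_PACKETS):
        verdict = "ALLOW" if allowed else "DROP "
        print(f"{direction:3} {src:>14} -> {dst:<14} {verdict} {reason}")
```

The egress rule is the one that matters most for the wider Internet: a network that applies it cannot be the origin of packets carrying someone else's source address, which is what makes the DoS traffic described above hard to trace.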

References:

[1] What is IP Spoofing? https://www.cloudflare.com/learning/ddos/glossary/ip-spoofing/

[2] IP Spoofing Attack and Defenses. http://tricksreal.blogspot.com/2012/11/ip-spoofing-attack-and-defenses_7343.html
