IP spoofing is the crafting of Internet Protocol (IP) packets whose source IP address has been modified to impersonate another computer system, to hide the identity of the sender, or both. In IP spoofing, the header field for the source IP address contains an address that differs from the actual source IP address.
IP spoofing is a technique that is often used to launch distributed denial-of-service (DDoS) attacks and man-in-the-middle (MITM) attacks against devices targeted by hackers or against the surrounding infrastructure. The goal of a DDoS attack is to overwhelm the target with traffic while hiding the identity of the malicious source, thereby preventing mitigation efforts.
Using spoofed IP addresses can give attackers the following capabilities:
- Avoid discovery by the authorities as well as by forensic cyber-investigators.
- Prevent targeted devices from alerting on attacks.
- Bypass security scripts, devices, and services that attempt to mitigate DDoS attacks by blacklisting IP addresses known to be sources of malicious traffic.
How IP spoofing works
In IP spoofing, the attacker modifies the source address in the outgoing packet header so that the destination computer treats the packet as if it is coming from a trustworthy source, such as a computer on the enterprise network, and accepts it.
Hackers send packets with spoofed IP addresses to servers so that the servers become unusable by legitimate users. A large botnet can have thousands of computers, each of which can spoof multiple source IP addresses at the same time. As a result, this automated attack is difficult to trace.
How to prevent IP spoofing
Organizations can take measures to keep spoofed packets out of their networks, including:
- Monitoring networks for atypical activity.
- Deploying packet filtering systems that can detect anomalies, such as an outgoing packet containing a source IP address that does not match those on the company network.
- Using strong validation methods for all remote access, including for systems on the enterprise intranet, to prevent accepting spoofed packets from an attacker who has already breached another system on the enterprise network.
- Authenticating the IP addresses of inbound IP packets.
- Using a network attack blocker.
The firewall is an important tool for blocking IP packets with spoofed addresses, and all enterprise routers must be configured to reject packets with spoofed addresses. Some basic ideas include:
- Configuring firewalls and routers to reject packets with private IP addresses that originate from outside the enterprise perimeter.
- Blocking traffic that originates from within the enterprise but that spoofs an external address as the source IP address; this prevents spoofing attacks that begin from inside the enterprise against other, external networks.
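The two perimeter rules above, written out as an added example that is not part of the original article: it reads the source address field of an IPv4 header and decides whether a firewall applying those rules would drop the packet. The internal range 10.20.0.0/16, the sample addresses and all function names are assumptions made for the illustration.

```python
import ipaddress
import struct

# Assumption: the enterprise's own address space (constructed for this example).
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]
# RFC 1918 private ranges: never a valid source for traffic arriving from outside.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def source_address(packet: bytes) -> ipaddress.IPv4Address:
    """Read the source address field (bytes 12-15) of an IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    return ipaddress.IPv4Address(packet[12:16])

def verdict(packet: bytes, direction: str) -> str:
    """Apply the perimeter rules; direction is 'inbound' or 'outbound'."""
    src = source_address(packet)
    internal = any(src in net for net in INTERNAL_NETS)
    if direction == "inbound":
        # Rule 1: private or internal source arriving from outside the perimeter.
        if internal or any(src in net for net in PRIVATE_NETS):
            return "drop: private/internal source arriving from outside"
        return "accept"
    if direction == "outbound":
        # Rule 2: traffic leaving the enterprise must carry an enterprise source.
        if not internal:
            return "drop: source is not an address on the enterprise network"
        return "accept"
    raise ValueError("direction must be 'inbound' or 'outbound'")

def make_header(src: str, dst: str) -> bytes:
    """Build a minimal 20-byte IPv4 header in memory as sample input."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

# Constructed sample traffic: (source, destination, direction at the perimeter).
SAMPLES = [
    ("192.168.1.50", "10.20.0.5", "inbound"),
    ("198.51.100.7", "10.20.0.5", "inbound"),
    ("203.0.113.9", "198.51.100.7", "outbound"),
    ("10.20.3.4", "198.51.100.7", "outbound"),
]

if __name__ == "__main__":
    for src, dst, direction in SAMPLES:
        print(direction, src, "->", dst, ":", verdict(make_header(src, dst), direction))
```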
Types of spoofing
- IP spoofing occurs at the network layer (layer 3 of the OSI communication model), but spoofing of device media access control (MAC) addresses in Address Resolution Protocol (ARP) headers occurs at the data link layer, in the Ethernet frames carrying that protocol.
- An ARP spoofing attack occurs when an attacker sends false ARP messages on the local area network. This links the hacker's MAC address to the IP address of a legitimate computer or server on the network.
- Another type of spoofing is Domain Name System (DNS) spoofing. This type of attack exploits DNS vulnerabilities and diverts Internet traffic away from legitimate servers and toward fake servers.
- Hackers can also spoof email by falsifying the email header fields, thereby indicating that the message originated from a different sender. A spoofed email is often part of a phishing attack that contains a link to a spoofed website, a duplicate version of a website that appears to be the original. The spoofed website tries to steal users' login credentials or other confidential information by assuring them that they are on a legitimate site.