IP spoofing A Simple Introduction

IP spoofing is the process of creating IP packets with a spoofed source with the purpose of hiding the identity of sender. IP spoofing is a common method that is used by spammers and scammers to mislead others on the origin of the information they send. Hackers use IP spoofing so they do not get caught spamming and to perpetrate denial of service attacks.


To understand How it works, we must examine the structure of TCP/IP protocol header.The header of each IP packet contains, among other things, the numerical source and destination address of the packet. The source address is normally the address that the packet was sent from. By forging the header so it contains a different address, an attacker can make it appear that the packet was sent by a different machine. The machine that receives spoofed packets will send a response back to the forged source address, which means that this technique is mainly used when the attacker does not care about the response or the attacker has some way of guessing the response.


Defense against spoofing

Filtering at the router
Avoid using the source address authentication. Implement cryptographic authentication system-wide.
Configuring your network to reject packets from the Net that claim to originate from a local address.
Implementing ingress and egress filtering on the border routers and implement an ACL (access control list) that blocks private IP addresses on your downstream interface.

please comment below if this post is useful for you..

No comments:

Post a Comment