Any machine on a network or on the internet that uses the Internet Protocol is prone to IP spoofing attacks. An IP spoofing attack is a sophisticated way by which a machine falsely authenticates itself as another machine. The machine sends forged packets similar to those that could have been sent by the authentic machine.
IP spoofing exploits two basic issues of internetworked systems: trust and authentication. The attacker earns the trust of the destination machine by forging packets that appear to come from a trusted source. The attacking machine is authenticated based on this trust. The relationship between trust and authentication is inverse: the more trust there is between the source and destination of a network packet, the less the need for authentication, and vice versa. This is a basic flaw in the Transmission Control Protocol/Internet Protocol (TCP/IP) suite that allows IP spoofing.
To spoof a computer, the attacker first identifies a pair of connected machines to attack. The attacker deactivates the one of the pair it intends to mimic. This could be done by performing a SYN flood, a Ping of Death attack or any denial-of-service attack. Once that host machine is unresponsive, the attacker forges the IP address of the machine it is pretending to be and connects to the other machine in the pair with the assumed identity. The only difficulty is that the attacker must correctly guess the sequence of packet identities. Once this is done, the machine is successfully spoofed.
IP spoofing could cost owners of victim machines a lot of money, depending on the amount of information copied. Part of the cost could also come from the amount of data corrupted or from damage caused to the machine. It could cost businesses if valuable data such as strategic information is copied and sold to their competitors. This could result in loss of goodwill and money to the business. The loss of valuable documents could also be deadly to a business.
IP spoofing has been categorized based on the methods used. Blind spoofing occurs when only one machine in the pair being attacked is visible to the attacker. Active spoofing occurs when the attacker can see both machines in the communication pair, observes their communication pattern and then responds accordingly. Other types of spoofing are Address Resolution Protocol (ARP) spoofing, Web spoofing and Domain Name System (DNS) spoofing.
There are software tools available that could be used for spoofing. Apsend supports TCP, IP, UDP and ICMP. It can be used to perform SYN flood attacks, UDP flood attacks and ping flood attacks. Ettercap is another powerful tool for spoofing. It does ARP poisoning and packet filtering. Arpspoof is part of the dsniff suite and does ARP spoofing.
To avoid attacks on machines, trust relationships must be based on some parameter other than the IP address alone. Use TCP wrappers on Linux systems and change system permissions on Windows systems. Use encrypted and secured protocols for communication, and use random initial sequence numbers (ISNs) that cannot easily be guessed.
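The last recommendation, random ISNs, can be illustrated with an added example that is not part of the original article. It compares a fixed-step ISN generator with a keyed one in the style of RFC 6528 (ISN = M + F(connection 4-tuple, secret)). The class and function names, the use of HMAC-SHA256 for F, and the sample addresses are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

MASK32 = 0xFFFFFFFF  # TCP sequence numbers are 32 bits wide


class CounterISN:
    """Weak scheme (constructed): every new connection gets previous ISN + fixed step."""

    def __init__(self, start=1000, step=64000):
        self.value, self.step = start, step

    def next_isn(self, four_tuple, clock_us):
        self.value = (self.value + self.step) & MASK32
        return self.value


class KeyedISN:
    """RFC 6528 style: 4-microsecond timer plus a keyed hash of the 4-tuple."""

    def __init__(self, secret=None):
        self.secret = secret or secrets.token_bytes(32)

    def next_isn(self, four_tuple, clock_us):
        m = (clock_us // 4) & MASK32  # M: timer that ticks every 4 microseconds
        msg = "|".join(map(str, four_tuple)).encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        f = int.from_bytes(digest[:4], "big")  # F: per-connection secret offset
        return (m + f) & MASK32


def constant_delta(generator, connections):
    """True if successive connections receive ISNs a single fixed step apart."""
    isns = [generator.next_isn(t, clk) for t, clk in connections]
    deltas = {(b - a) & MASK32 for a, b in zip(isns, isns[1:])}
    return len(deltas) == 1


# Constructed sample: five connections to one server from different client ports.
# Each entry is ((local_ip, local_port, remote_ip, remote_port), clock in microseconds).
SAMPLE = [(("192.0.2.10", 513, "198.51.100.7", 1024 + i), 1_000_000 + 250_000 * i)
          for i in range(5)]

if __name__ == "__main__":
    print("fixed-step ISNs predictable:", constant_delta(CounterISN(), SAMPLE))
    print("keyed ISNs predictable:     ", constant_delta(KeyedISN(), SAMPLE))
```

With the keyed generator, an ISN observed on one connection reveals nothing useful about the ISN another 4-tuple will receive, which removes the guessing step that blind spoofing depends on.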