Brief explanation of IP spoofing. How to protect against it?
-
Posted at 2021-03-30 18:21:47
-
By Prefixx Team
.jpg)
What is IP spoofing?
Spoofing is a particular form of cyber-attack that tries to use a desktop, device or a network to confuse other computer networks. The process works by disguising itself as a legit entity.
It is just one of the many tools that hackers use to try breaching the security & gain access to computers. After successfully gaining access, hackers start mining for sensitive data, making the computer useless, or begin DoS attacks. There are many types of spoofing, out of which IP Spoofing is the most common one.
In IP Spoofing, hackers first determine the IP address of a host that the targeted device would trust. Later, the hacker would change the headers of the data packets to trick the target into believing that the trusted entity is sending those data packets.
Types of Attacks Launched Through IP Spoofing
Cyber-attackers launch many kinds of attacks through IP spoofing. Here are four, out of many:
Blind spoofing
In this attack, the attacker is not on the same subnet as its target. Therefore, it becomes hard to get the correct TCP sequence numbers. The attacker, hence, uses IP source routing techniques.
The attacker sends multiple data packets to its target to obtain the correct sequence of numbers. These TCP sequence numbers are usually used to collect the packets in the same way as they're supposed to. For example, Packet 1 should be read first, then 2nd Packet, then 3rd, and so on.
However, the attacker does not know how the transmission is taking place on the subnet. Therefore, the attacker needs to blindfold (coax) the computer into responding to the requests, so he can easily analyze the sequence numbers.
After obtaining the correct TCP sequence numbers, the attacker can easily send data packets without authenticating during connection establishment.
Nonblind spoofing
In this attack, the attacker is on the subnet as his target is. Therefore, the attacker can easily obtain the sequence numbers using the existing transmissions between the other hosts & his target.
After obtaining the TCP sequence numbers, the attacker can easily hack into the sessions and bypass any type of authentication - giving him all the access he needs.
Denial-of-service (DoS) attack
The attackers need to disguise the large-scale attack from getting detected by the target. Therefore, the attackers use spoofing technique to hide the source of the attacks & make it tough to turn off the attacks.
The attacker keeps launching constant streams of data packets through multiple hosts to the target. This makes the transmissions completely spoofed and very hard to track down the sources.
Man-in-the-middle attack
This is like a sneak attack. When two devices are interfacing with each other by transmitting and receiving data packets, the attacker intercepts them the packets, alters them & send them to the target device.
But why is it like a sneak attack? Since both devices are completely unaware of the tampering of the data packets.
Man-in-the-middle attack help the attacker obtain confidential information & let the transmission of packets go on for a while. All this goes on without the host machine knowing that it is being used for spoofing.
How to Protect against IP spoofing?
While IP spoofing is one of the most popular tools used by hackers, there are still 5 things you can do to protect your network. Here's how to protect against IP spoofing:
1. Use a key or password to authenticate the connection between the devices on your network. For example, IPsec can help to significantly lower the risk of getting spoofed by malefactors.
2. You can also create an access control list to stop unknown IP addresses from interfacing on your subnet.
3. Implement filters to regulate both inbound & outbound traffic. This will significantly lower the risk of interference of malefactors.
4. Configure your routers & switches to deny any packets that are sourced from outside the perimeter of your local network, which claims to be from within.
5. Enable encryption on all sessions taking place through your router. In this way, only trusted hosts that are not on your subnet can securely transmit & receive packets from your local hosts.
