Jump to content
 







Main menu
    


Navigation  


Main page
 Contents
 Current events
 Random article
 About Wikipedia
 Contact us
 Donate
  



Contribute  


Help
 Learn to edit
 Community portal
 Recent changes
 Upload file
  







Search  

































Create account

Log in
 









Create account
  Log in
  



Pages for logged out editors learn more  


Contributions
 Talk
  


















Contents

   



(Top)
  


1 Background  




2 Applications  




3 Legitimate uses  




4 Services vulnerable to IP spoofing  




5 Defense against spoofing attacks  


5.1  Upper layers  






6 Other definitions  




7 See also  




8 References  




9 External links  













IP address spoofing






العربية
 Български
 Català
 Čeština
 Deutsch
 Ελληνικά
 Español
 فارسی
 Français
Hrvatski
 Italiano
 Magyar
Nederlands
Polski
 Português
 Русский
 Slovenčina
 Suomi
 Türkçe
 Українська
 
Edit links
  








Article
 Talk
  
















Read
 Edit
 View history
  







Tools
    


Actions  


Read
 Edit
 View history
  



General  


What links here
 Related changes
 Upload file
 Special pages
 Permanent link
 Page information
 Cite this page
 Get shortened URL
 Download QR code
 Wikidata item
  



Print/export  


Download as PDF
 Printable version
  















Appearance
    

 





From Wikipedia, the free encyclopedia
  

Example scenario of IP address spoofing

Incomputer networking, IP address spoofingorIP spoofing is the creation of Internet Protocol (IP) packets with a false source IP address, for the purpose of impersonating another computing system.[1]

Background[edit]

The basic protocol for sending data over the Internet network and many other computer networks is the Internet Protocol (IP). The protocol specifies that each IP packet must have a header which contains (among other things) the IP address of the sender of the packet. The source IP address is normally the address that the packet was sent from, but the sender's address in the header can be altered, so that to the recipient it appears that the packet came from another source.

The protocol requires the receiving computer to send back a response to the source IP address therefore spoofing is mainly used when the sender can anticipate the network response or does not care about the response.

The source IP address provides only limited information about the sender. It may provide general information on the region, city and town when on the packet was sent. It does not provide information on the identity of the sender or the computer being used.

Applications[edit]

IP address spoofing involving the use of a trusted IP address can be used by network intruders to overcome network security measures, such as authentication based on IP addresses. This type of attack is most effective where trust relationships exist between machines. For example, it is common on some corporate networks to have internal systems trust each other, so that users can log in without a username or password provided they are connecting from another machine on the internal network – which would require them already being logged in. By spoofing a connection from a trusted machine, an attacker on the same network may be able to access the target machine without authentication.

IP address spoofing is most frequently used in denial-of-service attacks,[2] where the objective is to flood the target with an overwhelming volume of traffic, and the attacker does not care about receiving responses to the attack packets. Packets with spoofed IP addresses are more difficult to filter since each spoofed packet appears to come from a different address, and they hide the true source of the attack. Denial of service attacks that use spoofing typically randomly choose addresses from the entire IP address space, though more sophisticated spoofing mechanisms might avoid non-routable addresses or unused portions of the IP address space. The proliferation of large botnets makes spoofing less important in denial of service attacks, but attackers typically have spoofing available as a tool, if they want to use it, so defenses against denial-of-service attacks that rely on the validity of the source IP address in attack packets might have trouble with spoofed packets.

In DDoS attacks, the attacker may decide to spoof the IP source address to randomly generated addresses, so the victim machine cannot distinguish between the spoofed packets and legitimate packets. The replies would then be sent to random addresses that do not end up anywhere in particular. Such packages-to-nowhere are called the backscatter, and there are network telescopes monitoring backscatter to measure the statistical intensity of DDoS attacks on the internet over time.[3]

Legitimate uses[edit]

The use of packets with a false source IP address is not always evidence of malicious intent. For example, in performance testing of websites, hundreds or even thousands of "vusers" (virtual users) may be created, each executing a test script against the website under test, in order to simulate what will happen when the system goes "live" and a large number of users log in simultaneously.

Since each user will normally have its own IP address, commercial testing products (such as HP LoadRunner, WebLOAD, and others) can use IP spoofing, allowing each user its own "return address" as well.

IP spoofing is also used in some server-side load balancing. It lets the load balancer spray incoming traffic, but not need to be in the return path from the servers to the client. This saves a networking hop through switches and the load balancer as well as outbound message processing load on the load balancer. Output usually has more packets and bytes, so the savings are significant.[4][5]

Services vulnerable to IP spoofing[edit]

Configuration and services that are vulnerable to IP spoofing:

Defense against spoofing attacks[edit]

Packet filtering is one defense against IP spoofing attacks. The gateway to a network usually performs ingress filtering, which is blocking of packets from outside the network with a source address inside the network. This prevents an outside attacker spoofing the address of an internal machine. Ideally, the gateway would also perform egress filtering on outgoing packets, which is blocking of packets from inside the network with a source address that is not inside. This prevents an attacker within the network performing filtering from launching IP spoofing attacks against external machines. An intrusion detection system (IDS) is a common use of packet filtering, which has been used to secure the environments for sharing data over network and host-based IDS approaches.[citation needed]

It is also recommended to design network protocols and services so that they do not rely on the source IP address for authentication.

Upper layers[edit]

Some upper layer protocols have their own defense against IP spoofing attacks. For example, Transmission Control Protocol (TCP) uses sequence numbers negotiated with the remote machine to ensure that arriving packets are part of an established connection. Since the attacker normally cannot see any reply packets, the sequence number must be guessed in order to hijack the connection. The poor implementation in many older operating systems and network devices, however, means that TCP sequence numbers can be predicted.

Other definitions[edit]

The term spoofing is also sometimes used to refer to header forgery, the insertion of false or misleading information in e-mailornetnews headers. Falsified headers are used to mislead the recipient, or network applications, as to the origin of a message. This is a common technique of spammers and sporgers, who wish to conceal the origin of their messages to avoid being tracked.

See also[edit]

References[edit]

  1. ^ Tanase, Matthew (March 10, 2003). "IP Spoofing: An Introduction". Symantec. Retrieved September 25, 2015.
  • ^ Veeraraghavan, Prakash; Hanna, Dalal; Pardede, Eric (2020-09-14). "NAT++: An Efficient Micro-NAT Architecture for Solving IP-Spoofing Attacks in a Corporate Network". Electronics. 9 (9): 1510. doi:10.3390/electronics9091510. ISSN 2079-9292.
  • ^ "GRIN – Today's Impact on Communication System by IP Spoofing and Its Detection and Prevention". www.grin.com. Retrieved 2020-07-21.
  • ^ "Network Dispatcher: A Connection Router for Scalable Internet Services".
  • ^ "Dispatcher component". IBM.

    • External links[edit]


    Retrieved from "https://en.wikipedia.org/w/index.php?title=IP_address_spoofing&oldid=1221433616"
    Categories: 
    Internet security
     Deception
     IP addresses
     Types of cyberattacks
     Hidden categories: 
    Articles with short description
     Short description is different from Wikidata
     Articles needing additional references from February 2012
     All articles needing additional references
     Articles needing additional references from September 2016
     All articles with unsourced statements
     Articles with unsourced statements from December 2020
      


    This page was last edited on 29 April 2024, at 22:41 (UTC).
    Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization.


    Privacy policy
    About Wikipedia
    Disclaimers
    Contact Wikipedia
    Code of Conduct
    Developers
    Statistics
    Cookie statement
    Mobile view


    Wikimedia Foundation
    Powered by MediaWiki