Organizations today face many types of cyber-attacks that seriously disrupt their operations, and spoofing is one of them. Spoofing is the act of disguising oneself as someone known in the network. It can be applied to emails, phone calls, websites, and even IP addresses. IP spoofing creates IP packets with a modified source IP address and sends them into the network in order to hide the sender's identity, to impersonate another computer system, or both.

The primary way of communicating in a network is by sending and receiving packets. An IP packet consists of a header and a payload (i.e. body). The header includes the IP version, source IP address, and destination IP address, while the payload carries the actual information to be sent. The source IP address is the address of the sender and the destination IP address is the address of the receiver. To communicate, the sender sends the packet to the destination computer and receives a response once the receiver has received it. Packets are spoofed by forging the source IP address.

Attackers use IP spoofing to overwhelm computer services with packets of data, ultimately shutting them down. There are two main ways to overload the target computer with traffic using IP spoofing. The first is to flood the selected target with packets from multiple spoofed addresses, sending the victim more data than it can handle. This is the direct method of IP spoofing. The second method is indirect: packets are sent to many different recipients on the network using the spoofed IP address. The attacker poses as the target computer and sends packets to other devices. Since the spoofed packets appear to come from the target's computer, all the responses are sent to the target's computer, flooding it with packets.

Received spoofed packets appear to come from a legitimate source. In some networks, trust relationships are in place between machines and internal systems. In such networks, IP addresses rather than user logins are used to verify machine identities for access to the systems. This type of authentication is known as IP address-based authentication. Attackers sometimes use IP spoofing to bypass IP address-based authentication. Several types of attacks are launched through IP spoofing; blind spoofing, non-blind spoofing, DDoS attacks, and man-in-the-middle attacks are some examples.

Spoofed packets are difficult to detect because the source IP address appears to be authorized. However, various preventive measures can reduce the possibility of IP spoofing. Key-based authentication should be used rather than IP address-based authentication; this reduces the risk of spoofing. Where possible, routers and switches should be configured to reject packets that originate from outside the local network but claim to originate from within, so that such spoofed packets cannot enter the network.
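The router rule described above can be sketched in a few lines. This is an added example, not part of the original article: it reads the version, source and destination fields from a raw IPv4 header and drops any packet that arrives on the external side while claiming an internal source address. The internal prefixes, the interface labels and the two sample packets are assumptions constructed for the demonstration.

```python
import ipaddress
import struct

# Assumed internal prefixes (constructed for this example).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.1.0/24")]

# Constructed 20-byte IPv4 headers, no payload, checksum left as zero.
SPOOFED = bytes.fromhex("4500001400000000401100000a0102030a000005")  # src 10.1.2.3
LEGIT = bytes.fromhex("450000140000000040110000cb0071070a000005")    # src 203.0.113.7


def parse_ipv4_header(packet: bytes):
    """Return (version, source, destination) from a raw IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    version = packet[0] >> 4
    header_len = (packet[0] & 0x0F) * 4  # IHL is counted in 32-bit words
    if version != 4 or header_len < 20 or len(packet) < header_len:
        raise ValueError("not a well-formed IPv4 header")
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return version, ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)


def ingress_verdict(packet: bytes, arrived_on: str) -> str:
    """Decide 'accept' or 'drop'; arrived_on is 'external' or 'internal'."""
    try:
        _, src, _ = parse_ipv4_header(packet)
    except ValueError:
        return "drop"  # malformed header
    claims_inside = any(src in net for net in INTERNAL_NETS)
    if arrived_on == "external" and claims_inside:
        return "drop"  # came from outside but claims an inside source
    return "accept"


if __name__ == "__main__":
    for name, pkt, iface in [("spoofed", SPOOFED, "external"),
                             ("legit", LEGIT, "external"),
                             ("inside host", SPOOFED, "internal")]:
        _, src, dst = parse_ipv4_header(pkt)
        print(f"{name:12} {src} -> {dst} on {iface}: {ingress_verdict(pkt, iface)}")
```

The same header is accepted when it arrives on the internal interface, which shows that the decision depends on where the packet entered the network and not on the source address alone.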

IP spoofing is a cyber-attack that shuts down the target's computer by flooding it with tons of spoofed packets. Attackers gain unauthorized access to computers and networks, and in certain cases IP spoofing may harm the business and economy of organizations whose computers are responsible for providing services. However, IP spoofing is not always considered illegal. Sometimes a VPN service is used or an IP address is changed in order to browse the internet safely. But IP spoofing is illegal if it is used to harm others, or if someone pretends to be someone else and commits cybercrime.

Article by:

Shreya Shrestha

CS-2nd year

