What is IP Spoofing?
Every computer user will have heard of viruses. Some will be familiar with the term DDoS attack. But IP spoofing isn’t as infamous. Still, this kind of computer hacking claims victims every year. And, as always in the digital world, prevention is better than cure.
Here is a guide to everything you need to know about IP spoofing and what you can do about it…
What is IP spoofing?
IP spoofing is a method used by hackers to gain unauthorised access to computers. It’s used to gain privileged access to equipment or servers, to capture traffic to and from a server, and to launch denial of service attacks to render a server inaccessible.
In essence, it’s a technique that gets a computer with an IP address to accept data and messages by making that computer believe they are coming from a trusted source.
Spoofing can take many forms. This article will cover the most common spoofing threats and more importantly, how to prevent them.
Man-in-the-middle attack
In these spoofs, the attacker interrupts a normal transmission between an authentic sender and receiver. The malicious machine will intercept the packets of data being sent, for the purpose of corrupting the data. After the packets are tampered with, they will be sent back on the normal route between sender and receiver without either party noticing the attack. In most cases, this form of attack is used to reveal secure information and to maintain an inconspicuous relationship between sender and receiver.
Blind IP spoofing
In this instance, the attacker uses a router to respond to the receiver. The receiver trusts the level 2 address of the gateway to reach the legitimate sender. The attacker can then use one of two types of source routing to receive packets from the host. In this type of attack, the attacker is outside the perimeter of the local network and is blind to how transmissions take place. The attacker must use source routing to convince the machine to respond to the attacking requests in order to anticipate sequence numbers. Once the sequence is known, the attacker can then insert data into the packets without authenticating the connection.
Non-blind IP spoofing
In this case, the attacker responds to the receiver and successfully anticipates the response code, tricking the receiver into believing the attacker is actually the sender. The attacker is then able to act as a trusted entity within the level three protection. To launch this type of attack, the hacker must reside within the receiver’s subnet; hence the attacker is not blind to the sequences being sent.
How to avoid being spoofed
1. Make a conscious effort to secure your IP communications. A protocol suite like IPsec will work to encrypt and authenticate every packet of a communication session. IPsec can be used to protect data flows between host and host, network and network, and network and host.
2. Use an access control list to specify which users or system processes are granted access to certain objects, and deny private IP addresses on your downstream interface.
3. Filter both inbound and outbound traffic.
4. Configure your routers and switches, if they support such configuration, to reject packets originating from outside your local network that claim to originate from within.
5. Enable encryption sessions on your router so that trusted hosts that are outside your network can securely communicate with your local hosts.
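The filtering decisions in items 2 to 4 can be sketched in code. This is an added example, not part of the original article: the interface names "inside" and "outside", the local prefix 203.0.113.0/24, and the sample packets are all assumptions made for illustration.

```python
import ipaddress

# Assumed local network for this example (a documentation range).
LOCAL_NETS = [ipaddress.ip_network("203.0.113.0/24")]
# Private (RFC 1918) and loopback ranges that should never arrive from outside.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def _in_any(addr, nets):
    return any(addr in net for net in nets)

def filter_packet(interface, src):
    """Return (verdict, reason) for a packet arriving on 'inside' or 'outside'."""
    addr = ipaddress.ip_address(src)
    if interface == "outside":
        # Item 4: outside traffic must not claim to originate from within.
        if _in_any(addr, LOCAL_NETS):
            return ("drop", "outside packet claims a local source")
        # Item 2: deny private source addresses (assumed here to apply
        # to the outside-facing interface).
        if _in_any(addr, PRIVATE_NETS):
            return ("drop", "private or loopback source on outside interface")
        return ("accept", "source plausible for outside")
    if interface == "inside":
        # Item 3: outbound filtering; only local sources may leave.
        if _in_any(addr, LOCAL_NETS):
            return ("accept", "local source leaving the network")
        return ("drop", "inside packet with non-local source")
    raise ValueError(f"unknown interface: {interface}")

# Constructed sample packets: (arrival interface, claimed source address).
SAMPLES = [
    ("outside", "198.51.100.7"),   # ordinary external host
    ("outside", "203.0.113.10"),   # claims to be one of our own hosts
    ("outside", "10.1.2.3"),       # private address arriving from outside
    ("inside", "203.0.113.10"),    # legitimate local host
    ("inside", "198.51.100.7"),    # local machine forging an external source
]

def run_samples():
    return [filter_packet(iface, src)[0] for iface, src in SAMPLES]

if __name__ == "__main__":
    for (iface, src), verdict in zip(SAMPLES, run_samples()):
        print(f"{iface:8} {src:15} {verdict}")
```

On a real router the same checks are expressed as access control lists or reverse-path filtering rather than application code.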
If at any time you feel like you have been spoofed or are encountering a DoS attack, please contact our support staff.