Computerit-solutions.com





Page modified: Friday, June 23, 2006 20:28:28

IP spoofing is the sending of IP packets with a falsified source IP address in computer networks.

The header of every IP packet contains its source address. This should be the address from which the packet was sent. By forging the header so that it contains a different address, an attacker can make the packet look as if it was sent by another machine. Intruders can use this to defeat security measures in the network, such as IP-address-based authentication, or to mask their own computer.

This kind of attack is most effective when trust relationships exist between the machines in a network. In some corporate networks it is quite common for internal systems to trust one another, so that a user can log in without a user name and password if he accesses the network from another internal machine and is therefore already logged in on another computer. By forging a connection so that it appears to come from a trusted machine, an attacker could attack the target computer without authenticating.

Countermeasures

Packet filters are one possible countermeasure against IP spoofing. The gateway to a network should filter thoroughly: packets arriving from outside that carry source addresses of internal computers are rejected. This prevents an external attacker from forging the address of an internal machine. Ideally, outgoing packets should be filtered as well, rejecting those whose source address does not lie within the network. This prevents the IP addresses of external machines from being spoofed, and it is a long-standing demand of security specialists toward Internet service providers: if every ISP consistently filtered outgoing packets whose source address does not belong to its own network, massive IP spoofing (frequent in connection with denial-of-service attacks) would be a substantially smaller problem on the Internet than it is today.
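The two filtering rules described above, as an added example that is not part of the original page: a gateway decision function applied to a few constructed packets. The internal prefix 10.20.0.0/16, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Assumed internal prefix (constructed for this example, not from the page).
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]

def is_internal(addr: str) -> bool:
    """True if addr lies inside one of the networks behind the gateway."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return any(ip.version == net.version and ip in net for net in INTERNAL_NETS)

def gateway_verdict(direction: str, src: str) -> str:
    """Return 'accept' or 'drop' for a packet crossing the gateway.

    direction: 'inbound'  = arrived on the external interface
               'outbound' = arrived on the internal interface, leaving the network
    """
    if direction not in ("inbound", "outbound"):
        raise ValueError(f"unknown direction: {direction!r}")
    try:
        internal = is_internal(src)
    except ValueError:
        return "drop"  # unparseable source address: never forward it
    if direction == "inbound":
        # Ingress rule: a packet from outside must not claim an inside source.
        return "drop" if internal else "accept"
    # Egress rule: a packet leaving must carry a source from our own network.
    return "accept" if internal else "drop"

# Constructed sample traffic: (direction, source address, note)
SAMPLE_PACKETS = [
    ("inbound", "198.51.100.7", "ordinary external host"),
    ("inbound", "10.20.3.15", "external packet claiming an internal source"),
    ("outbound", "10.20.3.15", "ordinary internal host"),
    ("outbound", "203.0.113.9", "internal host using a foreign source"),
]

def filter_sample():
    """Apply the gateway rules to every constructed sample packet."""
    return [(d, s, gateway_verdict(d, s)) for d, s, _ in SAMPLE_PACKETS]

if __name__ == "__main__":
    for (d, s, note), (_, _, verdict) in zip(SAMPLE_PACKETS, filter_sample()):
        print(f"{d:8} src={s:14} {verdict:6} # {note}")
```

The decision depends only on the interface a packet arrived on and its claimed source address, which is why the check can be made statelessly at the network edge.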

Some protocols at higher layers provide their own measures against IP spoofing. The Transmission Control Protocol (TCP), for example, uses sequence numbers to ensure that arriving packets really are part of an established connection. The poor implementation of TCP sequence numbers in many older operating systems and network devices, however, means that an attacker may be able to guess the sequence numbers and so defeat the mechanism. Alternatively, he could try to become a man in the middle.

Security implications

Taken on its own, IP spoofing is of only limited use for breaking into other systems, since all reply packets from the attacked computer are sent to the forged address. Conversely, this behavior can also be used as a "weapon" when SYN flooding is carried out with spoofed packets: forged packets are sent to certain computers, and the reply packets land at the victim named as the source address, whose connection may be paralyzed as a result. The identity of the actual attacker is hard to determine, since the source of the reply packets is of course the unsuspecting computer that was taken by surprise beforehand.

Related links

Protocol spoofing is also used for data compression, and was first used in 1985 by the Hayes Smartmodem, which spoofed parts of the UUCP protocol in order to increase data throughput. Protocol headers were trimmed or removed completely, and reconstructed again on the other side.


Page cached: Wednesday, July 5, 2006 14:10:27