KINGDOM OF SAUDI ARABIA | JAZAN

UNIVERSITY

COLLEGE OF COMPUTER SCIENCE &

INFORMATION SYSTEMS

2019-2020, SECOND SEMESTER

IP SPOOFING

Student Name :
Student ID:

What is IP Spoofing ?
IP Spoofing is a technique used to gain unauthorized access to machines, whereby an attacker
illicitly impersonates another machine by manipulating IP packets. IP Spoofing involves
modifying the packet header with a forged (spoofed) source IP address, a checksum, and the
order value. Internet is a packet switched network, which causes the packets leaving one machine
may be arriving at the destination machine in different order. The receiving machine resembles
the message based on the order value embedded in the IP header. IP spoofing involves solving
the algorithm that is used to select the order sent values, and to modify them correctly.

This process usually starts by identifying your host and finding the IP address trusted by your
host so that you can send data packets and the host will see them as originating from a trusted IP
address but that’s not the case.

Hackers use IP spoofing to perform activities that are malicious and illegal. Some of the
activities that can be performed include Service denial and man in the middle attacks. These two
malicious acts are used by hackers to cause drama or havoc over the internet while hiding their
identity.

Let's look at possible attacks that can be launched with the help of IP spoofing.

 There are two general techniques are used during IP spoofing:

o A hacker uses an IP address that is within the range of trusted IP addresses.
o A hacker uses an authorized external IP address that is trusted.

 Other uses for IP spoofing:

o IP spoofing is usually limited to the injection of malicious data or commands
into an existing stream of data.
o A hacker changes the routing tables to point to the spoofed IP address, then the
hacker can receive all the network packets that are addressed to the spoofed
address and reply just as any trusted user can.
Why IP Spoofing is easy?

 Problem with the Routers.

 Routers look at Destination addresses only.
 Authentication based on Source addresses only.
 To change source address field in IP header field is easy.

Spoofing Attacks:

 There are a few variations on the types of attacks that using IP spoofing.

1.Non-Blind Spoofing

 This attack takes place when the attacker is on the same subnet as the target that could
see sequence and acknowledgement of packets.
 Using this spoofing to interfere with a connection that sends packets along with their
own subnet.
2. Blind spoofing

 This attack may take place from outside where sequence and acknowledgement numbers
are unreachable.
 Attackers usually send several packets to the target machine in order to sample sequence
numbers, which is double in older days .
 Using these spoofing to interfere with a connection (or creating one), that does not send
packets along with the cable.

Man in the Middle Attack

 These type is also called as connection hijacking.

  In this attack, a malicious party intercepts a legitimate communication between two hosts
to controls the flow of communication and to eliminate or alter the information sent by
one of the original participants without their knowledge.

SMURF Attack

 Send ICMP ping packet with spoofed IP source address to a LAN which will broadcast
to all hosts on the LAN.
 Each host will send a reply packet to the spoofed IP address leading to denial of service.

How to protect against IP spoofing (packet filtering)

While IP spoofing can’t be prevented, measures can be taken to stop spoofed packets from
infiltrating a network. A very common defense against spoofing is ingress filtering, outlined in
BCP38 (a Best Common Practice document). Ingress filtering is a form of packet filtering
usually implemented on a network edge device which examines incoming IP packets and looks
at their source headers. If the source headers on those packets don’t match their origin or they
otherwise look fishy, the packets are rejected. Some networks will also implement egress
filtering, which looks at IP packets exiting the network, ensuring that those packets have
legitimate source headers to prevent someone within the network from launching an outbound
malicious attack using IP spoofing.

Conclusion

IP Spoofing is a problem without an easy solution, since it’s inherent to the design of the TCP/IP
suite. Understanding how and why spoofing attacks are used, combined with a few simple
prevention methods, can help protect your network from these malicious cloaking and cracking
techniques.

Resources

https://www.cloudflare.com/learning/ddos/glossary/ip-spoofing/
https://www.wikitechy.com/tutorials/ethical-hacking/computer-hacking-tutorial/ip-spoofing
http://rvs.unibe.ch/teaching/cn%20applets/IP_Spoofing/IP%20Spoofing.pdf
https://www.symantec.com/connect/articles/ip-spoofing-introduction