Encyclopedia > Internet protocol spoofing

  Article Content

Internet protocol spoofing

In computer networking, the term Internet protocol spoofing (IP) is the creation of IP packets with a forged (spoofed) source IP address.

The header of every IP packet contains its source address. This should be the address that the packet was sent from. By forging the header, so it contains a different address, an attacker can make it appear that the packet was sent by a different machine. This can be a method of attack used by network intruders to defeat network security measures, such as authentication based on IP addresses.

This type of attack is most effective where trust relationships exist between machines. It is common on some corporate networks to have internal systems trust each other, so that a user can log in without a username or password provided they are connecting from another machine on the internal network (and so must already be logged in). By spoofing a connection from a trusted machine, an attacker may be able to access the target machine without authenticating.

Packet filtering is one defence against IP spoofing attacks. The gateway to a network should perform ingress filtering[?]: blocking of packets from outsite the network with a source address inside the network. This prevents an outside attacker spoofing the address of an internal machine. Ideally outgoing packets should also be filtered, dropping packets from inside the network with a source address that is not inside (egress filtering[?]); this prevents IP spoofing by any machine on your own network against external machines.

Some higher-level protocols provide their own defence against IP spoofing. For example, Transmission Control Protocol uses sequence numbers negotiated with the remote machine to ensure that arriving packets are part of an established connection. The poor implementation of TCP sequence numbers in many older operating systems and network devices, however, means that spoofing is often still possible.

The kind of spoofing discussed here has limited impact on breaking into systems as any reply packets that the destination may send will be sent to the spoofed source address.

Conversely, it's used in many different attacks such as smurf attacks and SYN floods.

All Wikipedia text is available under the terms of the GNU Free Documentation License

  Search Encyclopedia

Search over one million articles, find something about almost anything!
  Featured Article
Johann Karl Friedrich Rosenkranz

... long professorial career, and in all his numerous publications he remained, in spite of occasional deviations on particular points, loyal to the Hegelian tradition as a ...

This page was created in 34.1 ms