Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
IP address spoofing
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Applications== IP address spoofing involving the use of a trusted IP address can be used by network intruders to overcome network security measures, such as [[authentication]] based on IP addresses. This type of attack is most effective where trust relationships exist between machines. For example, it is common on some corporate networks to have internal systems trust each other, so that users can log in without a username or password provided they are connecting from another machine on the internal network β which would require them already being logged in. By spoofing a connection from a trusted machine, an attacker on the same network may be able to access the target machine without authentication. IP address spoofing is most frequently used in [[denial-of-service attack]]s,<ref name=":0">{{Cite journal |last1=Veeraraghavan |first1=Prakash |last2=Hanna |first2=Dalal |last3=Pardede |first3=Eric |date=2020-09-14 |title=NAT++: An Efficient Micro-NAT Architecture for Solving IP-Spoofing Attacks in a Corporate Network |journal=Electronics |language=en |volume=9 |issue=9 |pages=1510 |doi=10.3390/electronics9091510 |issn=2079-9292|doi-access=free }}</ref> where the objective is to flood the target with an overwhelming volume of traffic, and the attacker does not care about receiving responses to the attack packets. Packets with spoofed IP addresses are more difficult to filter since each spoofed packet appears to come from a different address, and they hide the true source of the attack. Denial of service attacks that use spoofing typically randomly choose addresses from the entire IP address space, though more sophisticated spoofing mechanisms might avoid non-routable addresses or unused portions of the IP address space. The proliferation of large [[botnet]]s makes spoofing less important in denial of service attacks, but attackers typically have spoofing available as a tool, if they want to use it, so defenses against denial-of-service attacks that rely on the validity of the source IP address in attack packets might have trouble with spoofed packets. In DDoS attacks, the attacker may decide to spoof the IP source address to randomly generated addresses, so the victim machine cannot distinguish between the spoofed packets and legitimate packets. The replies would then be sent to random addresses that do not end up anywhere in particular. Such packages-to-nowhere are called the [[Denial-of-service attack#Backscatter|backscatter]], and there are [[network telescope]]s monitoring backscatter to measure the statistical intensity of DDoS attacks on the internet over time.<ref>{{Cite web |title=GRIN β Today's Impact on Communication System by IP Spoofing and Its Detection and Prevention |url= https://www.grin.com/document/190620|access-date=2020-07-21|website=www.grin.com|language=en}}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)