IP Spoofing
IP spoofing occurs when Internet Protocol (IP) packets are created with altered source addresses. The aim of IP Spoofing is usually to mask the sender’s identity or impersonate another computer system — or sometimes both. It’s a popular technique among malicious users to deploy Distributed Denial-of-Service (DDoS) attacks against a specific device or associated infrastructure.
Home / Definitions / Firewall / What is IP spoofing?
What are IP packets?
IP packets, which include a header containing essential routing information like source address, are fundamental to the communication between networked computers and devices, forming the basis for contemporary internet technology. In a typical packet, the source IP denotes the sender’s address. However, in a spoofed packet, this address is counterfeited.
What is IP Spoofing?
IP Spoofing is conceptually similar to someone sending a parcel with an incorrect return address. It won’t be useful to block all packages from the false address as the sender can effortlessly alter this. Hence, if the recipient wants to retort, their response will be sent somewhere else rather than the real sender. This misrepresentation of the address is a core vulnerability targeted in many DDoS attacks.
How is IP spoofing used?
DDoS attacks frequently use spoofing to overload a target with excessive traffic, simultaneously concealing the malicious source to prevent counter-attacks. The fraudulence and continuous randomization of source IP addresses cause complications in blocking harmful requests. It also creates hurdles for cyber-security teams and law enforcement to identify the attacker.
Spoofing can also impersonate another device, making responses get routed towards the target device. Volume-based attacks like NTP Amplification and DNS amplification exploit this vulnerability. The inherent ability to alter the source IP in TCP/IP design renders it a continuous security threat.
Besides DDoS attacks, spoofing can imitate another device to bypass authentication and seize control of a user’s session.
How to prevent IP spoofing
While fully preventing IP spoofing is impossible, defenses like ingress filtering can be deployed to block spoofed packets from penetrating a network. Outlined in BCP38, ingress filtering scrutinizes the source headers of incoming IP packets on a network edge device. Suspicious packets with mismatched source headers are rejected. Some networks also adopt egress filtering on outgoing packets to ensure legitimate source headers and to preclude any inside threats of IP spoofing attacks.