Attacks

IP spoofing. Definition, Types and Protection

IP spoofing. Definition, Types and Protection

What Is Spoofing?

Disguises are as old as nature itself. It is the primary mechanism of survival in some animals. Humans too have been able to perfect disguise techniques beyond expectation. For instance, when copies of a supposedly unique fingerprint pattern are made, replicated and used in movies, it usually looks very cool.  It does not just stop there; humans have been able to develop masks that give them the apparent identity of another person. This is what spoofing is all about. It’s about pretense, disguise and impersonation.

Technically, spoofing is a body of processes that cyber attackers (or let’s just say attackers) employ to cloak unknown and unsafe sources as trusted sources. That is, they pretend to be a source that you trust so much,  they leverage on the trust you have built towards this source, they use social engineering methods (at least to a certain degree) to trick you into letting out your personal information.

It is often a game a psychology and technical understanding. For it work, three parties are needed, the trusted source, the victim, the attacker (with the spoof). Once the trusted source can be successfully impersonated, it just takes a little game of blackmail or gas lighting to get the attacker’s desired result on the unsuspecting victim.

Types Of Spoofing

There are different sources you trust on different social and communication platforms. Due to that, there are different types of spoofing, each specific to different platforms. Let’s check the different types of spoofing available:

  1. EMAIL SPOOFING – This is a simple as it sounds; attackers send emails to unsuspecting victims after adopting the header of certain trusted sources. Naturally, an unsuspecting individual takes the email seriously because they take to the apparent value of the Email header. In most cases, the attackers request for things like money and personal information. In other instances, they direct the victims to click on links to malware.
  1. URL SPOOFING – This is commonly known as website spoofing. The approach is simple yet very lethal and convincing. What the attacker does in this case is to leverage on certain things like error in URL spelling (typo squatting) that victims may make when looking for trusted websites on search engines. The attackers design similar logos and landing pages to make the spoof appear very real. On these websites, victims get indiscriminate requests to activate things or accept policies that are not necessarily present on the original website.
URL SPOOFING
  1. CALLER ID SPOOFING – This is also known as Phone spoofing. In this type of spoofing, attackers find a way of altering the caller ID sent to your mobile phone. You are especially susceptible to this if you use call tracking and identification applications. Attackers design it in such a way that, you get to see a familiar name as the caller identity of a strange mobile number. That way, you are more likely to accept the call and communicate with whoever is on the other end of the call.
caller id spoofing
  1. TEXT MESSAGE SPOOFING – In this type of attack, the criminal masquerades as a legitimate recognized sender by altering the header of the text sending number. This means is relatively easy to achieve considering the telecomm ad features that allow header personalization. As much as it easy to achieve, it is easy to see through this form of spoofing
text message spoofing
  1. DNS SPOOFING – DNS is an acronym for domain name system. It is like some sort of internet directory that keeps record of website identification numbers and matches the names to them when a computer sends a search request. In a DNS spoofing attack, the DNS directory is made to match the website names to wrong identical numbers. Consequently, when the computer sends a search request for these websites, they land on the wrong (but identical) page.
  1. GPS SPOOFING – The attackers often target the global positioning systems of mobile devices and (sometime) vehicles to send wrong location signals. This implies that, an attacker can actually appear to be in a certain location on a GPS system, but in reality, they are somewhere else.  On the extreme, this spoofing method could be used to interfere with car movements, spacecraft travel or ship sails.  
GPS SPOOFING

There are other various types of spoofing; examples include ARP spoofing, facial spoofing (or you could say biometrics spoofing). When it comes to internet and cyber security however, one of the most common and dangerous type of spoofing is the IP spoofing. Let’s consider a brief overview of IP spoofing attacks.

IP Address Spoofing

IP’s on the other hand are some sort of identity tags unique to your computer system. The “address tag” that accompanies Internet protocol is very significant. Technically speaking, Internet protocol addresses are certain identifiers – attached to specific networks –that allow computers to communicate effectively with the internet. Essentially, IP addresses are like your identity online (at least to the servers and the other computers). Now imagine someone somehow could replicate that identity perfectly; the implication is obvious, they get to impersonate you to get access to your personal information, data wealth, finances, name it. That is what IP spoofing entails.

ip spoofing work

Technically, IP spoofing is the process of using an altered source address to generate an internet packet with the goal of obscuring, impersonating another computer system. More often than not, the end goal would be to gain access to some of personal information. However, at times, attackers use the people’s internet identities to commit crimes (probably to deface and blackmail these individuals) or to carry out volumetric distributed denial or service attacks.

To put this in perspective, think of when the old system of receiving mails, you know, the one with hand written letters and deliver post men. If someone wanted to deny you of getting your letters and packages, they just need to find a means of altering the delivery access at the sending point. They could do this by altering the address to look very similar, so that they can avoid being noticed. You would definitely never get any package that way. That is a euphemistic representation of IP spoofing.

IP spoofing is dangerous provides a groundwork for all other types of cyber-attacks. Cyber attackers often need to disguise using legitimate IP addresses to lay the surface for the next complex phases of the attack. For instance, IP spoofing is a major step is ensuring the success of application layer attacks and Distributed denial of service attacks. Let’s see how it contributes to the above mentioned.

IP Spoofing In Application Layer Attack

Application layer attacks are structured to target and leverage on the vulnerabilities of mobile and web applications. These types of attacks are very common in the cyber space. The aim of the attacker is often to render an application non-functional, deface it, or steal the sensitive information of the users of the application in question.

In most application layer attacks, the attackers take advantage of the normal process of connection exchange known as the TCP three way hands shake. Let’s quickly go over the process. In a way three way hands shake;

  • The client's computer sends packets to request a connection with the server – this request is made using the SYN
  • The server sends acknowledgment messages to the client computer (SYN-ACK)
  • The clients send another message to the server, but this time around it is an acknowledgment message (ACK).

Attackers use the IP spoof to make the three stages of this process impossible. Instead of the original server or recipient computer to get the request, a spoof (after disguising as the destination) gets the SYN from the requesting computer. That way, the attacker successfully hijacks the responses the requesting computer is supposed to get from the trusted server. This is where they introduce social engineering methods to direct the unsuspecting user of the requesting computer to a malware.

IP Spoofing In Distributed Denial Of Service (DDoS) Attack

Distributed denial of service attacks are geared at rendering a web application nonfunctional by overwhelming it with traffic or requests that could consume its processing bandwidth. It’s like obstructing the normal route of a group of people, and directing them to a smaller route made to accommodate a smaller amount of people. What this creates is a total uselessness of the victim application. There are quite a number of different DDoS attacks, each with its method. However, the type that epitomizes the essence of DDoS is the volumetric DDOS attacks. This type of DDoS attacks effectively uses volume to consume the processing capacity of victim application.

This is where IP spoofing comes in. IP spoofing is often used to lay the groundwork for volumetric DDoS attacks. For instance, when a trusted source tells you to click on a link, the first reaction would be to click on that link. Cyber –attackers spoof many trusted sources and use social engineering to direct people to a target website. Of course, this requires precision and technical know-how; however, it is one of the most effective ways of carrying out a volumetric DDoS attacks in a way that appears legitimate.

How To Protect Your Network Against IP Spoofing Attack

Due to the extent of the damage an IP spoof could lead to, organizations need to be aware of ways to prevent such attacks. Here are a few tested and effective ways to go about it:

  1. Firewalls – Use a firewall as a filter for checking and locking out spoof IP. The advent of technology has made it easy to write an algorithm for the behavioral pattern of these sets of IP. You could use this to setup your firewall and lock attackers out.
  1. Get systems that filter between packets – Packet filtering systems specialize in fishing out spoofing attackers by filtering for spoofed headers. They are very efficient in mail systems and caller-id security.
  1. Get properly secured with encryption protocols- The most common internet encryption protocol today would be the hypertext transfer protocol. This kind of helps to secure data when requests and server response. When you browse the web, there is a padlock indicator that shows whether your site’s data are safe and encrypted. If a website doesn’t have this, it means that your data is susceptible to a data breach attack, and that the website is susceptible to URL and IP spoof attacks.
  1. Try being all the safe side with software – There are quite a number of reliable security software around. You could employ the use of a VPN or paid antivirus software. These things provide the first line of defense against attempts at data invasion and spoofing.
  1. Manually monitoring your network for suspicious activity – Irrespective of the caliber automated defense systems that you may have attackers may be smart enough to always bypass these systems. Due to this, just a good old monitoring would save you from trouble a lot of time. To make this feasible, you may map out a time frame for intermittent checks.
Protection Against IP Spoofing Attack

Conclusion

IP spoofs are dangerous for networks, databases, computers and users. It is a must that any one – in one way or the other – is informed about it. It is also important that each person takes responsibility and protects themselves from these sorts of attacks; our data is the future, let’s keep it safe.

Learning Objectives
It’s demo time