IP spoofing is the process of using a fake IP address for communication with another machine, or for
malicious purposes. Most Internet and other forms of communication take place using Internet protocol (IP). In this protocol, files, instant messenger conversations, Web pages or even voice conversations are broken up into packets, which are then sent from the source to the destination
via various routes.
Each packet contains the source IP address, as well as its destination IP address, so that
intermediate network equipment knows where to
send it. At the destination, the machine reads the
source address, so that it knows where the packet
came from, and then sends a reply to the machine at
that address. Because each machine on the Internet is supposed to have a unique IP address, identification of
the source and destination is possible.
With this structure, IP addresses are unique and can
be used to identify machines, and even to track down
a machine that is used for illegitimate purposes. For
example, a Web server will contain logs of all the
requests that it received along with the IP addresses
the requests came from.
Another very important use of IP addresses is for authentication. However, it is relatively easy for a knowledgeable
attacker to change the IP address in the packets in
order to fool the destination host, and thus perform IP
spoofing.
This may be used to gain entry to certain
secure networks, in which case detection of the true
attacking machine is difficult. IP spoofing is commonly used for Denial of Service (DoS) attacks. An attacker can simply flood the target
with packets containing one or many fake IP
addresses.
Because the IP address is not actually that of the
source machine sending the packets, any replies will
be sent to either the machine that owns the IP
address, or nowhere, if an IP address does not exist.
This method is perfect for DoS attacks because the
attacker never intends to carry out genuine communication.
IP spoofing cannot be prevented in most of today's
networks, but it is possible to guard against it by using
packet filtering. With packet filtering, the network
equipment will not forward packets that do not
contain genuine IP addresses or IP addresses that do
not lie within a specified range.
With most communications moving to a newer
version of the IP protocol that has built-in
authentication and encryption, it will be much harder
for IP spoofing to occur. In the future, a packet will
need to contain information in it that authenticates its
source.
IP spoofing does have some legitimate uses. In some
satellite communications, it takes a very long time to
acknowledge that each packet has been received.
During this time, some network protocols time out. IP
spoofing is used to simulate acknowledgement from
the destination, even though it hasn't yet occurred, which allows communication to continue. Satellite
broadband Internet service providers primarily use
this tactic.
via oneofthebest All articles about hacking have only an educational goal and we are not responsible
0 commentaires:
Enregistrer un commentaire