Spoofing attack
In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.

Spoofing and TCP/IP

Many of the protocols in the TCP/IP suite do not provide mechanisms for authenticating the source or destination of a message. They are thus vulnerable to spoofing attacks when extra precautions are not taken by applications to verify the identity of the sending or receiving host. IP spoofing and ARP spoofing in particular may be used to leverage man-in-the-middle attacks against hosts on a computer network. Spoofing attacks which take advantage of TCP/IP suite protocols may be mitigated with the use of firewalls capable of deep packet inspection or by taking measures to verify the identity of the sender or recipient of a message.

Referrer spoofing

Some websites, especially pornographic paysites, allow access to their materials only from certain approved (login-) pages. This is enforced by checking the referrer header of the HTTP request. This referrer header however can be changed (known as "referrer spoofing" or "Ref-tar spoofing"), allowing users to gain unauthorized access to the materials.
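The weakness described above, shown next to a server-verified alternative. This is an added example, not code from the original article; the names `APPROVED_REFERER`, `SECRET_KEY` and the `session=` cookie format are assumptions made for illustration, and the cookie parsing is simplified to a single cookie with no expiry.

```python
import hashlib
import hmac

# Hypothetical values for illustration only.
APPROVED_REFERER = "https://members.example/login"
SECRET_KEY = b"constructed-demo-key"  # constructed; a real key comes from a secret store


def referer_gate(headers: dict) -> bool:
    """Weak check: trusts the Referer header, which the client writes itself."""
    return headers.get("Referer", "") == APPROVED_REFERER


def issue_session(user: str) -> str:
    """Called by the server only after a successful login; binds the user to a MAC."""
    tag = hmac.new(SECRET_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{tag}"


def session_gate(headers: dict) -> bool:
    """Stronger check: access requires a token that only the server can mint."""
    cookie = headers.get("Cookie", "")
    if not cookie.startswith("session="):
        return False
    user, _, tag = cookie[len("session="):].rpartition(".")
    if not user or not tag:
        return False
    expected = hmac.new(SECRET_KEY, user.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes avoids timing leaks and non-ASCII errors.
    return hmac.compare_digest(tag.encode(), expected.encode())


def evaluate(headers: dict) -> dict:
    """Run both gates on one request so the difference is visible side by side."""
    return {"referer_gate": referer_gate(headers), "session_gate": session_gate(headers)}


# Constructed requests: one that only claims to come from the login page,
# one that actually logged in, and one with a guessed token.
CLAIMED_ONLY = {"Referer": APPROVED_REFERER}
LOGGED_IN = {"Referer": "", "Cookie": "session=" + issue_session("alice")}
FORGED_COOKIE = {"Cookie": "session=alice." + "0" * 64}

if __name__ == "__main__":
    for name, req in [("claimed_only", CLAIMED_ONLY), ("logged_in", LOGGED_IN),
                      ("forged_cookie", FORGED_COOKIE)]:
        print(name, evaluate(req))
```

The Referer-based gate accepts any request that merely states the approved page, while the session gate accepts only a token issued after login.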

Poisoning of file-sharing networks

"Spoofing" can also refer to copyright
holders placing distorted or unlistenable versions of works on file-sharing networks, to discourage downloading from these sources.

Caller ID spoofing

In public telephone networks, it has for a long while been possible to find out who is calling you by looking at the Caller ID information that is transmitted with the call. There are technologies that transmit this information on landlines, on cellphones and also with VoIP. Unfortunately, there are now technologies (especially associated with VoIP) that allow callers to lie about their identity and present false names and numbers, which can be used as a tool to defraud or harass. Because there are services and gateways that interconnect VoIP with other public phone networks, these false Caller IDs can be transmitted to any phone on the planet, which makes Caller ID information next to useless. Due to the distributed geographic nature of the Internet, VoIP calls can be generated in a different country from the receiver, which makes it very difficult to have a legal framework to control those who would use fake Caller IDs as part of a scam.

E-mail address spoofing

The sender information shown in e-mails (the "From" field) can be spoofed easily. This technique is commonly used by spammers to hide the origin of their e-mails and leads to problems such as misdirected bounces (i.e. e-mail spam backscatter).

E-mail address spoofing is done in quite the same way as writing a forged return address using snail mail. As long as the letter fits the protocol (i.e. stamp, postal code), the SMTP protocol will send the message. It can be done using a mail server with telnet.
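A triage check a mail administrator can run on received messages, comparing the displayed "From" domain with the envelope sender that the receiving server recorded in `Return-Path`. This is an added example, not part of the original article; the sample messages and domains are constructed, and because both values are supplied by the sending side, a mismatch is a signal for review while a match proves nothing.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; all domains are reserved example names.
FORGED = """\
Return-Path: <bulk@mailer.example.net>
From: "Example Bank" <support@bank.example.com>
To: user@example.org
Subject: Account notice

body
"""

ALIGNED = """\
Return-Path: <bounce@mail.bank.example.com>
From: "Example Bank" <news@bank.example.com>
To: user@example.org
Subject: Newsletter

body
"""


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if there is none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def check_sender(raw):
    """Compare the From domain with the envelope sender recorded in Return-Path."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    env_dom = domain_of(msg.get("Return-Path"))
    if not from_dom:
        verdict = "no-from"
    elif not env_dom:
        verdict = "no-envelope-sender"  # bounce messages carry an empty <> return path
    elif (from_dom == env_dom or from_dom.endswith("." + env_dom)
          or env_dom.endswith("." + from_dom)):
        verdict = "aligned"  # same domain or a subdomain of it (simple suffix heuristic)
    else:
        verdict = "mismatch"
    return {"from": from_dom, "envelope": env_dom, "verdict": verdict}


if __name__ == "__main__":
    print(check_sender(FORGED))
    print(check_sender(ALIGNED))
```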

See also

  • Protocol spoofing, the benign simulating of a protocol in order to use another, more appropriate one.
  • IP address spoofing
  • Stream cipher attack
  • LAND attack

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 