What Is IP Address Spoofing?
The IP address spoofing is a technique used in computing that involves sending IP packets using a source IP address that has not been assigned to the computer that issues them. The goal may be to conceal his identity during an attack on a server, or somehow usurp the identity of another network equipment for the services which it has access.
IP Address Spoofing – Explanations
According to its design, protocol and IP routing on the Internet do not check the source address. This protocol is designed to be routed even in the event of nuclear war. As routing is decentralized, it is impossible to verify the source address of IP packets flowing.
Except in cases of restriction of access point to the Internet, any computer can produce an IP packet with any source address. This technique may well serve to mask the real source address or network to attack by spoofing the address of another computer.
History Of IP Address Spoofing
In 1995, CERT published the first warning on the IP address spoofing. Indeed, some services just as secure rsh are based on the IP address to identify the sender. The typical example is to use a relationship of trust. A hacker then uses the IP address of a trusted machine (allowed) to get a connection to a server.
Recommendation
To avoid such attacks, it is recommended not to use service based on IP address to identify customers. Cryptographic algorithms can be used to authenticate the correspondent, as is the case for example SSL, SSH.
It is recommended that the operating system generates sequence numbers are difficult to predict the level of TCP (see RFC 1948). On a computer, algorithms generating random numbers are always pseudo-random. The appearance of deterministic behavior of a computer that is why computers are used, and it becomes a problem when issues of security and encryption are discussed.
One solution may be to refuse subsequent TCP SYN packets from a single address to prevent the attacker can predict the behavior of generating sequence numbers. But such a restriction may limit the availability of service (Denial of Service or DoS).
The IP address spoofing can also be used to mask the identity of the hacker attacks during denial of service attack or rebound. In this case, a different IP address can be used for each packet of the attack, which renders ineffective any attempt at intelligent filtering.
It is recommended that administrators of local networks using the IP address filtering incoming sources to final customers (RFC 3704, Ingress Filtering for “Multihomed Networks”). This can be done automatically through the reverse path forwarding (en) (uRPF), which instructs the router to check the routing of the source IP address of all incoming packet through an interface, and if the reception interface differs interface routing to destroy the package, making any attempt to usurp inoperative.
This is not possible in case of asymmetric routing. This filtering will be more effective if done near the source. An end user who would then share the outbound traffic between two links to different providers it would be prevented, allowing each supplier as source addresses expected.
Study: From Wikipedia, the free encyclopedia. The text is available under the Creative Commons.
~ No related posts.