Dec 21, 2010

IP Spoofing

An IP (Internet Protocol) address is the address that reveals the identity of your Internet service provider and your personal Internet connection. The address can be viewed during Internet browsing and in all of your correspondences that you send.
IP spoofing hides your IP address by creating IP packets that contain bogus IP addresses in an effort to impersonate other connections and hide your identity when you send information. IP spoofing is a common method that is used by spammers and scammers to mislead others on the origin of the information they send.
How IP Spoofing Works
The Internet Protocol or IP is used for sending and receiving data over the Internet and computers that are connected to a network. Each packet of information that is sent is identified by the IP address which reveals the source of the information.
When IP spoofing is used the information that is revealed on the source of the data is not the real source of the information. Instead the source contains a bogus IP address that makes the information packet look like it was sent by the person with that IP address. If you try to respond to the information, it will be sent to a bogus IP address unless the hacker decides to redirect the information to a real IP address.
Why IP Spoofing is Used
IP spoofing is used to commit criminal activity online and to breach network security. Hackers use IP spoofing so they do not get caught spamming and to perpetrate denial of service attacks. These are attacks that involve massive amounts of information being sent to computers over a network in an effort to crash the entire network. The hacker does not get caught because the origin of the messages cannot be determined due to the bogus IP address.
IP spoofing is also used by hackers to breach network security measures by using a bogus IP address that mirrors one of the addresses on the network. This eliminates the need for the hacker to provide a user name and password to log onto the network.
IP Spoofing Protection
It is possible to protect a network against IP spoofing by using Ingress filtering which uses packets to filter the inbound traffic. The system has the capability to determine if the packets are coming from within the system or from an outside source.
Transmission Control Protocols can also be deployed through a number sequence that is used to create a secure connection to other systems. This method can be enhanced by disconnecting the source routing on the network to prevent hackers from exploiting some of the spoofing capabilities.
How to do IP address spoofing
IP address spoofing is the creation of IP packets using somebody else’s IP source addresses.
This technique is used for obvious reasons and is employed in several of the attacks discussed later. Examining the IP header, we can see that the first 12 bytes contain various information about the packet. The next 8 bytes, however, contains the source and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses – specifically the “source address” field.
A common misconception is that “IP spoofing” can be used to hide our IP address while surfing the Internet, chatting on-line, sending e-mail, and so forth. This is generally not true. Forging the source IP address causes the responses to be misdirected, meaning you cannot create a normal network connection.
Figure 1: Valid source IP address, illustrates a typical interaction between a workstation with a valid source IP address requesting web pages and the web server executing the requests. When the workstation requests a page from the web server the request contains both the workstation’s IP address (i.e. source IP address and the address of the web server executing the request (i.e. destination IP address The web server returns the web page using the source IP address specified in the request as the destination IP address, and its own IP address as the source IP address,
Figure 1: Valid source IP address
Figure 2: Spoofed source IP address, illustrates the interaction between a workstation requesting web pages using a spoofed source IP address and the web server executing the requests. If a spoofed source IP address (i.e. is used by the workstation, the web server executing the web page request will attempt to execute the request by sending information to the IP address of what it believes to be the originating system (i.e. the workstation at The system at the spoofed IP address will receive unsolicited connection attempts from the web server that it will simply discard.