What is IP spoofing?

Intro

Anyone with a basic understanding of networking will know that data is transmitted between machines using IP packets. The sender’s IP address is also contained inside these packets. With IP spoofing, the sender’s IP address is changed to a different IP address.

This means the machine receiving the IP packets may think it is getting data from a trusted computer system when it could be an impersonator. This technique is also good for hiding the sender’s identity because their real IP address is not visible to the recipient.

How does IP spoofing work?

Whenever data is transferred from one machine to another, it is usually broken up into multiple IP packets and transmitted independently. Upon reaching the recipient machine, the packets are then reassembled to form the original data being sent.

Each packet has an IP header that includes data such as the source machine IP address and the destination machine IP address. Using tools, bad actors can modify the source machine IP address to mimic another trusted machine to steal valuable data. The receiving machine has no way to detect, from the packet itself, that the source IP address has been spoofed, which makes this a powerful technique for malicious activities.
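The following is an added example, not part of the original article. It reads the source and destination addresses out of an IPv4 header and applies a receiver-side sanity check that rejects source addresses that cannot be genuine on the interface they arrived on. The internal network range, the function names and the sample headers are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumption for this example: the address range of the protected internal network.
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")

def build_header(src, dst):
    """Build a constructed 20-byte IPv4 header (sample input, checksum left at 0)."""
    # version/IHL, TOS, total length, ID, flags/fragment, TTL, protocol, checksum
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

def parse_addresses(header):
    """Return (source, destination) from the fixed part of an IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    # Source is bytes 12-15, destination bytes 16-19. Both are plain fields
    # written by the sender; nothing in the header authenticates them.
    return (ipaddress.ip_address(header[12:16]),
            ipaddress.ip_address(header[16:20]))

def implausible_source(header, arrived_on_external):
    """Return a reason if the source cannot be genuine on this interface, else None."""
    src, _ = parse_addresses(header)
    if src.is_loopback or src.is_multicast or src.is_unspecified:
        return "source is never valid on the wire"
    if arrived_on_external and src in INTERNAL_NET:
        return "internal source arrived from outside"
    if arrived_on_external and src.is_private:
        return "private source arrived from the internet"
    return None

if __name__ == "__main__":
    samples = [("192.168.10.7", True), ("10.0.0.5", True),
               ("127.0.0.1", True), ("8.8.8.8", True), ("192.168.10.7", False)]
    for src, external in samples:
        hdr = build_header(src, "192.168.10.20")
        print(src, "external" if external else "internal",
              "->", implausible_source(hdr, external))
```

The check only catches source addresses that are impossible for the interface. A packet carrying a plausible public source address passes, since the header alone cannot show who really sent it.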

Common types of IP spoofing

One type of IP spoofing is known as the Man-in-the-Middle (MITM) attack, where the attacker positions themselves in a conversation between two machines. A good example is a home user’s computer being used to log in to a website. The attacker is able to intercept the IP packets from both sides. The intercepted data can be used later for identity theft, especially when fund transfers are involved.

Another form of IP spoofing is the Distributed-Denial-of-Service (DDoS) attack. In this form, the attackers will normally use a lot of botnets (networks containing compromised computers) to send out spoofed IP packets to overwhelm a specific website or server. The target server will have a hard time filtering these attacks as the spoofed IP addresses could be any random IP address. Eventually, the server will be overloaded to the point that it is no longer functioning normally.


Once everyone starts using IPv6, IP spoofing will be less of an issue since IPv6 includes encryption and authentication. Until then, end users trying to avoid MITM should be vigilant about using public Wi-Fi to perform sensitive transactions like banking activities. They should also make sure the websites they are on are using the HTTPS encryption protocol.

Unfortunately, DDoS attacks are much harder to stop. A lot of hardware infrastructure is required to withstand these attacks so the cost-effective way is to sign up with a good DDoS protection service.
