Explaining IP Spoofing

rootshellace, published in System Weakness
4 min read, Oct 3, 2023

IP Spoofing

Have you ever seen a magician performing a trick? Even though you saw something, you knew it wasn’t real, right? Well, the same thing is valid when it comes to IP spoofing. Don’t close this page, since in this article you will find out more about this topic!

What is IP spoofing?

For an easier understanding, let’s consider Halloween and a kid wearing a Batman costume. He knocks at someone’s door and interacts with that person, while pretending to be Batman. Basically, faking his identity 😅.

The same thing occurs in IP spoofing. A user (usually, though not always, a malicious one) forges the source IP address of the packets he sends so that he cannot be identified. He interacts with a server while impersonating someone else. Usually, the reason behind this decision is to carry out harmful actions without being traced.

How does it work?

We can compare IP spoofing with sending letters. Yes, I know, nobody does that anymore in 2023 😂. But let’s remember a bit how it was. Briefly, you had the message and, after inserting that piece of paper in an envelope, you had to write on it the name and address for both sender and receiver. When the letter was delivered, the receiver knew who sent it.

Now imagine that, instead of filling in the correct data for the sender field, you wanted to prank your friend and replaced this data with something else. Essentially, you would be posing as a different person. Well, this is what happens when someone is spoofing his IP.

But how does this apply when it comes to packets? We must understand the IP header format. There are several fields, each one containing different data. Below, you can see an image which represents this structure:

Image: IPv4 header format

You can consider this image a more complex envelope. The field we are interested in is Source IP Address. That would be the address of the sender. When a user is spoofing his IP, basically, he replaces his address with a fake one. So, the value of the Source IP Address field changes, switching to a counterfeit one.
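To make the "envelope" concrete, here is an added example (not code from the original article) that decodes the IPv4 header described above with Python's standard `struct` and `ipaddress` modules, pulls out the Source IP Address field, and verifies the RFC 791 header checksum. The sample packets are constructed inline from documentation address ranges (192.0.2.0/24, 198.51.100.0/24); nothing is sent on a network.

```python
import ipaddress
import struct

# Layout of the fixed 20-byte IPv4 header (RFC 791), network byte order:
# version/IHL, TOS, total length, identification, flags/fragment offset,
# TTL, protocol, header checksum, source address, destination address.
IPV4_HEADER_FMT = "!BBHHHBBH4s4s"
IPV4_MIN_HEADER_LEN = struct.calcsize(IPV4_HEADER_FMT)  # 20 bytes


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words, complemented (RFC 791 checksum)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int = 0,
                      protocol: int = 17, ttl: int = 64) -> bytes:
    """Build a minimal IPv4 header with a correct checksum. Used here only to
    construct sample input for the parser (constructed data, never sent)."""
    src_b = ipaddress.IPv4Address(src).packed
    dst_b = ipaddress.IPv4Address(dst).packed
    ver_ihl = (4 << 4) | 5  # version 4, IHL = 5 words = 20 bytes
    header = struct.pack(IPV4_HEADER_FMT, ver_ihl, 0,
                         IPV4_MIN_HEADER_LEN + payload_len, 0x1234, 0x4000,
                         ttl, protocol, 0, src_b, dst_b)
    csum = ipv4_checksum(header)  # computed with the checksum field zeroed
    return header[:10] + struct.pack("!H", csum) + header[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the IPv4 header fields and check the header checksum."""
    if len(packet) < IPV4_MIN_HEADER_LEN:
        raise ValueError("packet shorter than the minimum IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, protocol,
     _checksum, src_b, dst_b) = struct.unpack(
        IPV4_HEADER_FMT, packet[:IPV4_MIN_HEADER_LEN])
    version = ver_ihl >> 4
    ihl = (ver_ihl & 0x0F) * 4  # IHL counts 32-bit words
    if version != 4:
        raise ValueError(f"not an IPv4 packet (version {version})")
    if ihl < IPV4_MIN_HEADER_LEN or len(packet) < ihl:
        raise ValueError("invalid IHL or truncated header")
    return {
        "version": version,
        "header_len": ihl,
        "total_len": total_len,
        "ttl": ttl,
        "protocol": protocol,
        "src": str(ipaddress.IPv4Address(src_b)),  # the field spoofing replaces
        "dst": str(ipaddress.IPv4Address(dst_b)),
        # A header with a valid checksum sums (checksum field included) to 0.
        "checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
    }


# Constructed sample: a UDP packet from 192.0.2.10 to 198.51.100.5 with 8
# bytes of zero payload.
SAMPLE_PACKET = build_ipv4_header("192.0.2.10", "198.51.100.5",
                                  payload_len=8) + b"\x00" * 8

# The same packet with one byte of the source address altered *after* the
# checksum was computed: the header is now inconsistent and the check fails.
_tmp = bytearray(SAMPLE_PACKET)
_tmp[12] ^= 0xFF
CORRUPTED_PACKET = bytes(_tmp)

if __name__ == "__main__":
    for name, pkt in (("sample", SAMPLE_PACKET), ("corrupted", CORRUPTED_PACKET)):
        print(name, parse_ipv4_header(pkt))
```

Note what the checksum does and does not tell you: it catches a header that was damaged in transit (the corrupted sample fails), but a header whose source field was rewritten before the checksum was computed is internally consistent and parses as valid. Nothing in the IPv4 header authenticates the sender, which is the whole reason spoofing works and why the countermeasures later in the article rely on where a packet arrives from rather than on the header alone.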

When you are using a VPN, you are actually spoofing your IP address. Let’s consider the following situation: you have a Netflix subscription, but some specific content you want to watch (for instance, from France) is not available in your country (let’s choose Spain).

In order to bypass this and be able to access that video content, you connect to a VPN and choose a server from France. By doing this, you will be able to watch that movie. Now, when your requests are sent to Netflix’s server, it will see your address as being from France. But it’s not your real one.

What is it used for?

The previous example with the VPN was a harmless one. But, usually, the intentions are purely malicious.

One of the most common attacks performed with the help of IP spoofing is a DDoS (Distributed Denial of Service) attack.

Image: DDoS attack

What happens here is quite simple. The attackers, with the help of multiple controlled computers (also called zombies), send a huge number of requests to the server. All these zombies send their packets at the same time, in order to overwhelm the victim and exhaust its resources until the service becomes unavailable. The IPs are spoofed, since the attackers want to mask their real identity and leave no traces.

Another attack is the so-called Man-In-The-Middle (MITM). In short, an attacker positions himself between two parties, usually a user and an application or a website. He intercepts the information sent by the user, which can be credentials, personal info, banking details and so on.

If you want to see a demo on how an IP is spoofed, check my new video!

Real life examples

Below you have some real situations where such attacks were performed.

Countermeasures

Unfortunately, for the standard user, IP spoofing is hard to detect, since it takes place at the network layer (OSI model layer 3). But there are measures which can be taken. Some of these are:

  • use a firewall - it can be configured to allow only authorized traffic
  • use an antivirus - it provides an extra layer of protection
  • use packet filtering systems - they will check for discrepancies in the packet header and drop it in case it’s not valid
  • blacklist IPs
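The "packet filtering" bullet above is the one that actually catches forged sources, and the standard form of it is ingress/egress filtering (BCP 38 / RFC 2827): a packet is only accepted if its source address could plausibly have arrived on the interface it came in on. The following added example (not code from the original article) implements that decision in Python for a constructed two-interface site that owns the documentation prefix 192.0.2.0/24; the interface names, prefixes and sample packets are all assumptions made for the demo.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed topology (documentation ranges, not a real network): our site
# holds 192.0.2.0/24 behind interface "lan"; "wan" faces the internet.
SITE_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]

# Source ranges that should never arrive from the internet: unspecified,
# private, loopback, link-local, multicast and reserved space.
BOGON_PREFIXES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


@dataclass(frozen=True)
class Packet:
    iface: str  # interface the packet arrived on: "wan" or "lan"
    src: str    # Source IP Address field, as seen in the header
    dst: str


def in_any(addr: ipaddress.IPv4Address, prefixes) -> bool:
    return any(addr in p for p in prefixes)


def filter_packet(pkt: Packet) -> tuple[str, str]:
    """Return ("accept" | "drop", reason) using the BCP 38 rule: the source
    address must be one that can legitimately appear on this interface."""
    src = ipaddress.ip_address(pkt.src)
    if pkt.iface == "wan":
        # Ingress filtering: nobody outside may claim one of our addresses,
        # and unroutable sources cannot legitimately come from the internet.
        if in_any(src, SITE_PREFIXES):
            return "drop", "ingress: external packet claims one of our own addresses"
        if in_any(src, BOGON_PREFIXES):
            return "drop", "ingress: source is not routable on the internet"
        return "accept", "ingress: plausible external source"
    if pkt.iface == "lan":
        # Egress filtering: our hosts may only send with our own addresses,
        # so this site cannot be used to spoof someone else's.
        if not in_any(src, SITE_PREFIXES):
            return "drop", "egress: source is not in our prefix"
        return "accept", "egress: source belongs to our prefix"
    return "drop", f"unknown interface {pkt.iface!r}"


# Constructed sample traffic.
SAMPLE_TRAFFIC = [
    Packet("wan", "203.0.113.7", "192.0.2.10"),     # normal inbound request
    Packet("wan", "192.0.2.10", "192.0.2.10"),      # outsider pretending to be us
    Packet("wan", "10.8.8.8", "192.0.2.10"),        # private source from the internet
    Packet("lan", "192.0.2.10", "203.0.113.7"),     # normal outbound request
    Packet("lan", "198.51.100.42", "203.0.113.7"),  # internal host using a stranger's address
]


def run_filter(traffic=SAMPLE_TRAFFIC) -> list[tuple[str, str]]:
    return [filter_packet(p) for p in traffic]


if __name__ == "__main__":
    for pkt, (verdict, reason) in zip(SAMPLE_TRAFFIC, run_filter()):
        print(f"{pkt.iface:3} {pkt.src:>15} -> {pkt.dst:<15} {verdict:6} {reason}")
```

Two things stand out when running it. First, the rule says nothing about the header's own consistency; it only compares the source address with the interface, which is exactly the "discrepancy" a filtering system can check. Second, a forged source that sits inside the prefix expected on that interface passes, which is why the article is right that spoofing is hard to detect at layer 3 and why egress filtering at every edge network matters: it stops the spoofed packets before they ever reach a victim. On real routers the same check is usually enabled as unicast reverse path forwarding (uRPF) rather than written by hand.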

Disclaimer

This article is for educational purposes only. Attacking targets without prior mutual consent is illegal. I take no responsibility for any misuse or damage caused due to the usage of the information provided here.

If you got here, I want to thank you for the time you took to read my article. I hope you enjoyed it and also learned something from it. Why not take a look at some of my other articles? Or, maybe, watch one of my YouTube videos? 😉
