IP spoofing consists of substituting the source address in IP packets sent to the computer under attack. The forged packet carries the address of a trusted host, but the data is actually sent from the attacker's computer. The main aim is to receive and pass data packets through the attacker's computer, causing a Denial of Service or provoking a DDoS attack.
A sender can easily spoof the address stated in the packet header by entering a different value. However, the computer that receives the header sends its reply to the stated address and not to the attacker's location.
This is not much of an obstacle for UDP flooding, because the reply is not important in that case, but with a TCP connection the addressee's response must be obtained or the connection attempt fails.
Protective measures against IP Spoofing
The spoofing threat cannot be removed, but it can be reduced by the following measures:
- Access control is the easiest way to defuse IP spoofing, and it depends on correctly configured access management. To blunt the effectiveness of the attack, the device must deny traffic that arrives from the external network but carries a source address that should only originate from the defined internal network. The method works against spoofing of internal addresses but is ineffective when external addresses are authorised.
- RFC 2827 filtering rejects all outbound traffic whose source address is not the one expected on the given interface. For example, if an ISP connects the 126.96.36.199/24 IP address, it configures a filter and accepts only traffic originating from that address. The approach proves successful only if all providers implement this type of filtering. In addition, the greater the distance between the client and the filtering device, the harder it is to filter correctly.
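The two filtering rules above can be expressed as one source-address check per receiving interface. The following Python sketch is an added example, not part of the original article; the interface names and all address ranges are constructed for illustration.

```python
import ipaddress

# Constructed topology for illustration (private/documentation ranges).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Hypothetical interface names mapped to the prefixes assigned behind them.
CUSTOMER_PREFIXES = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/24")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/25")],
}


def check_source(iface, src):
    """Return (verdict, reason) for a packet with source `src` seen on `iface`."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop", "malformed source address"
    if iface == "external":
        # Access control: an internal source must never arrive from outside.
        if any(addr in net for net in INTERNAL_NETS):
            return "drop", "internal source on external interface"
        # A forged *external* address is indistinguishable here, which is
        # why this rule does not help when external addresses are trusted.
        return "accept", "source not internal"
    expected = CUSTOMER_PREFIXES.get(iface)
    if expected is None:
        return "drop", "unknown interface"
    # RFC 2827: accept only sources inside the prefix expected on the interface.
    if any(addr in net for net in expected):
        return "accept", "source inside assigned prefix"
    return "drop", "source outside assigned prefix"


def filter_packets(packets):
    """Split (iface, src) pairs into accepted and dropped lists."""
    accepted, dropped = [], []
    for iface, src in packets:
        verdict, reason = check_source(iface, src)
        (accepted if verdict == "accept" else dropped).append((iface, src, reason))
    return accepted, dropped


if __name__ == "__main__":
    sample = [  # constructed packets
        ("external", "10.1.2.3"), ("external", "203.0.113.7"),
        ("cust-a", "192.0.2.44"), ("cust-a", "198.51.100.9"),
        ("cust-b", "198.51.100.200"),
    ]
    for bucket, rows in zip(("ACCEPT", "DROP"), filter_packets(sample)):
        for row in rows:
            print(bucket, *row)
```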
The most effective way to counter IP spoofing is to make the attack completely ineffective. Introducing additional authentication methods defeats spoofing attacks that rely on IP-based identity verification. Cryptographic authentication or two-factor authentication with one-time passwords gives the best protection against attackers.
Today services authenticate users by an entered user name and login, which allows data to be transferred in encrypted form. This is why IP spoofing has become less useful for criminal abuse. Moreover, it has legitimate uses. For example, hundreds and thousands of virtual users with nonexistent IP addresses are used for performance testing. Technically this is IP spoofing, but it is not punishable because it is carried out with the agreement of the website owner.