IP spoofing is one of the most complicated and advanced tricks that can be executed on a remote computer. IP spoofing happens when the attacker tricks the target computer into believing that the packets sent to it come from a source other than the actual source computer. In other words, it is the process by which an attacker can conceal his/her real identity while attacking a system and make the target computer believe that the data packets sent to it originate at another system.
For example, say your IP address is 127.15.18.1 and the IP address of the target system is 203.87.13.6. Normally, when you send a message to the target system, it sees the IP address of the system the message came from. In the case of IP spoofing, the attacker's real IP address (in this case 127.15.18.1) is replaced with a fake IP address, making it difficult for the target computer to trace the attacker back.
Let's take another example. Imagine the following three IP addresses exist:
Attacker: 123.44.77.89 (real)
Victim: 44.55.66.77
Fake: 99.99.99.99
Now, if REAL sends a data packet to VICTIM's system normally, the source IP address will clearly show that REAL sent the data packet. With the help of IP spoofing, REAL instead sends the data packet to VICTIM in such a way that it appears to have come from the FAKE system. As you can see, IP spoofing is used to disguise or hide the source IP address of the attacker.
How IP Spoofing Works
The reason IP spoofing is regarded as a difficult attack to perform is that it is a blind attack. This means that if you use IP spoofing to attack a computer, you receive no feedback or response telling you whether the attack was successful or, if it was unsuccessful, what the reason was. This is because the target computer sends its replies to the spoofed IP address (the fake IP) rather than to your own.
Let's continue with the previous example. The source system (REAL) starts a three-way handshake by sending a SYN packet containing the fake source IP address (FAKE) to the target (VICTIM). VICTIM replies with a SYN/ACK packet, but sends it to FAKE rather than to REAL. To complete the three-way handshake, VICTIM must receive an ACK packet. Because VICTIM sent the SYN/ACK packet to the spoofed IP address, REAL never receives it and so does not send an ACK packet (carrying the fake IP address) in reply. To prevent VICTIM from timing out the connection, REAL must bluff by sending an ACK packet acknowledging that the SYN/ACK packet was received by FAKE. If this third step completes successfully, a three-way handshake between VICTIM and FAKE is complete.
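
The handshake described above, as an added example that is not part of the original post: a toy model of VICTIM's side showing where the SYN/ACK goes and why an ACK from a sender that never saw it is rejected, leaving a half-open entry behind. The class and function names are hypothetical, and the model assumes VICTIM picks a random 32-bit initial sequence number (ISN) and accepts only an ACK that acknowledges ISN + 1.

```python
import secrets

MOD = 2**32  # TCP sequence numbers are 32-bit and wrap

class Victim:
    """Toy model of the listening side of the three-way handshake."""
    def __init__(self, isn_source=lambda: secrets.randbits(32)):
        self.isn_source = isn_source
        self.half_open = {}       # (claimed_ip, port) -> ISN sent in our SYN/ACK
        self.established = set()

    def on_syn(self, claimed_ip, port, client_isn):
        server_isn = self.isn_source()
        self.half_open[(claimed_ip, port)] = server_isn
        # The reply is addressed to the source IP written in the SYN,
        # whoever really sent it.
        return {"dst": claimed_ip, "flags": "SYN/ACK",
                "seq": server_isn, "ack": (client_isn + 1) % MOD}

    def on_ack(self, claimed_ip, port, ack):
        key = (claimed_ip, port)
        expected = self.half_open.get(key)
        if expected is None or ack != (expected + 1) % MOD:
            return False          # wrong acknowledgement: handshake not completed
        del self.half_open[key]
        self.established.add(key)
        return True

def handshake(victim, sender_ip, claimed_ip, port=40000):
    """Run one handshake attempt; return what the victim observed."""
    synack = victim.on_syn(claimed_ip, port, client_isn=1000)
    if synack["dst"] == sender_ip:
        ack = (synack["seq"] + 1) % MOD   # sender received the SYN/ACK
    else:
        ack = 0                           # sender never saw it: constant guess
    accepted = victim.on_ack(claimed_ip, port, ack)
    return {"synack_sent_to": synack["dst"], "accepted": accepted,
            "half_open_left": len(victim.half_open)}

if __name__ == "__main__":
    REAL, FAKE = "123.44.77.89", "99.99.99.99"   # addresses from the example above
    print("honest :", handshake(Victim(), FAKE, FAKE))
    print("spoofed:", handshake(Victim(), REAL, FAKE))
```

On the defending side, the lingering half-open entry for an address that never completes the handshake is the observable trace of this exchange.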