IP Spoofing

Posted: August 25, 2009 in Internet Protocol, System Basics, System Information
Tags:

IP spoofing, also known as IP address forgery or a host file hijack, is a hijacking technique in which a cracker masquerades as a trusted host to conceal his identity, spoof a Web site, hijack browsers, or gain access to a network. Here’s how it works: The hijacker obtains the IP address of a legitimate host and alters packet headers so that the legitimate host appears to be the source.

When IP spoofing is used to hijack a browser, a visitor who types in the URL(Uniform Resource Locator) of a legitimate site is taken to a fraudulent Web page created by the hijacker. For example, if the hijacker spoofed the Library of Congress Web site, then any Internet user who typed in the URL http://www.loc.gov would see spoofed content created by the hijacker.

If a user interacts with dynamic content on a spoofed page, the highjacker can gain access to sensitive information or computer or network resources. He could steal or alter sensitive data, such as a credit card number or password, or install malware . The hijacker would also be able to take control of a compromised computer to use it as part of a zombie army in order to send out spam.

Web site administrators can minimize the danger that their IP addresses will be spoofed by implementing hierarchical or one-time passwords and dataencryption/decryption techniques. Users and administrators can protect themselves and their networks by installating and implementating firewalls that block outgoing packets with source addresses that differ from the IP address of the user’s computer or internal network.

Advertisements
Comments
  1. Ravi says:

    Nice article.Keep up the good work!!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s