The most classic example of spoofing is IP spoofing.TCP/IP requires that every
host fills in its own source address on packets, and there are almost no measures in
place to stop hosts from lying. Spoofing, by definition, is always intentional.
However, the fact that some malfunctions and misconfigurations can cause the
exact same effect as an intentional spoof, causes difficulty in determining whether
an incorrect address indicates a spoof.
Spoofing is really easy and is a result of some inherent flaws in TCP/IP.TCP/IP
basically assumes that all computers are telling the truth.There is little or no checking done to verify that a packet really comes from the address indicated in
the IP header.When the protocols were being designed in the late 1960s, engineers
didn’t anticipate that anyone would or could use the protocol maliciously. In fact,
one engineer at the time described the system as flawless because “computers don’t
lie.”There are different types of IP spoofing attacks.These include blind spoofing
attacks in which the attacker can only send packets and has to make assumptions or
guesses about replies, and informed attacks in which the attacker can monitor, and
therefore participate in, bidirectional communications.
There are ways to combat spoofing, however. Stateful firewalls usually have
spoofing protection whereby they define which IPs’ are allowed to originate in
each of their interfaces. If a packet claimed to be from a network specified as
belonging to a different interface, the packet is quickly dropped.This protects from
both blind and informed attacks. An easy way to defeat blind spoofing attacks is to
disable source routing in your network at your firewall, at your router, or both.
Source routing is, in short, a way to tell your packet to take the same path back
that it took while going forward.This information is contained in the packet’s IP
Options, and disabling this will prevent attackers from using it to get responses back
from their spoofed packets.
Spoofing is not always malicious. Some network redundancy schemes rely on
automated spoofing in order to take over the identity of a downed server.This is
due to the fact that the networking technologies never accounted for the need for
one server to take over for another.
Technologies and methodologies exist that can help safeguard against spoofing
of these capability challenges.These include:
■ Using firewalls to guard against unauthorized transmissions
■ Not relying on security through obscurity, the expectation that using undocumented
protocols will protect you
■ Using various cryptographic algorithms to provide differing levels of
authentication Subtle attacks are far more effective than obvious ones. Spoofing has an advantage
in this respect over a straight vulnerability exploit.The concept of spoofing
includes pretending to be a trusted source, thereby increasing the chances that the
attack will go unnoticed.
If the attacks use just occasional induced failures as part of their subtlety, users
will often chalk it up to normal problems that occur all the time. By careful application
of this technique over time, users’ behavior can often be manipulated.