IP works with small portions of data called datagrams, each of which
carries a small header used for address information. This header
contains two addresses: the destination's IP address and the source's IP
address.
The destination's IP address determines where the datagram should
go. The source's IP address tells the destination where the datagram originated.
There is a problem in the handling of the source's IP address. One of the merits
of the IP protocol is that it is connectionless, so routers make routing
decisions based on the destination address without any influence from the source
address. In processing a packet or message, information about the source
essentially remains unused until the item reaches its destination. For this
reason, attackers can forge a packet's source address by setting it to that of
another computer, or even a nonexistent computer, and the packet will still reach
its destination. Thus, one way of concealing identity on the Internet is to
simply forge source addresses.
IP Spoofing Techniques
Simple Forging
Forging or spoofing an address is a one-way communication which is as simple as
putting any desired address in the source address field.
Using a Reflector Host
Attackers can use IP address forging to manipulate an innocent host into
attacking a victim. The attacker host sends a packet designed to elicit a
response to a reflector host. If the attacker spoofs the victim's address as
the packet's source, then the reflector will innocently direct its response
toward the victim. At the reflector, initiating packets appear to come from the
victim while the attacker is seemingly uninvolved.
Laundering Attack Packets
Attackers use stolen or phantom accounts to launder packets before they
reach a victim. When laundering takes place, the laundering host actually
receives and processes the attacking host's packets, transmitting other
packets toward the victim as shown in the figure below. This process changes the
source address to that of the laundering host, and can also give the laundered
packets different content and/or timing from that of the attacker's original
packets. In these ways, attackers can use laundering hosts to disguise their
identity.
Detection of IP Spoofing Attacks
One can monitor packets using network-monitoring software such as netlog. To
do this, look for a packet on your external interface that has both its source
and destination IP addresses in your local domain. If you find such a packet, the
network is currently under attack.
Prevention of IP Spoofing
The best method of preventing the IP spoofing problem is to install a
filtering router that restricts the input to your external interface (known as
an input filter) by not allowing a packet through if it has a source address
from your internal network.
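
The detection rule and the input filter described above, applied to packet records, as an added example that is not part of the original article. The local prefix 192.0.2.0/24, the interface names ext0 and int0, and the sample packets are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: the local domain is one prefix (a documentation range is used here).
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
EXTERNAL_IFACE = "ext0"  # hypothetical name of the external interface


@dataclass(frozen=True)
class Packet:
    iface: str  # interface the packet arrived on
    src: str    # source IP address from the header
    dst: str    # destination IP address from the header


def is_internal(addr: str) -> bool:
    """True if the address belongs to the local domain."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def input_filter(pkt: Packet) -> str:
    """Input filter: reject anything arriving from outside that claims
    an internal source address."""
    if pkt.iface == EXTERNAL_IFACE and is_internal(pkt.src):
        return "drop"
    return "pass"


def spoof_alerts(packets):
    """Detection rule: packets seen on the external interface whose source
    and destination addresses are both in the local domain."""
    return [p for p in packets
            if p.iface == EXTERNAL_IFACE
            and is_internal(p.src) and is_internal(p.dst)]


# Constructed sample traffic.
SAMPLE = [
    Packet("ext0", "198.51.100.7", "192.0.2.10"),  # ordinary inbound packet
    Packet("ext0", "192.0.2.55", "192.0.2.10"),    # internal source seen outside
    Packet("int0", "192.0.2.55", "203.0.113.9"),   # ordinary outbound packet
    Packet("ext0", "192.0.2.200", "203.0.113.9"),  # internal source, external dst
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(input_filter(p), p)
    print("alerts:", spoof_alerts(SAMPLE))
```

The filter is broader than the detection rule: it also rejects the last sample packet, which claims an internal source but is not addressed to the local domain.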