Security+

Spoofing Attacks – Understanding Various Types of Attacks

Spoofing Attacks: A spoofing attack is an attempt by someone or something to masquerade as someone else.

This type of attack is usually considered an access attack. A common spoofing attack that was popular for many years on early Unix and other timesharing systems involved a programmer writing a fake logon program.

It would prompt the user for a user ID and password. No matter what the user typed, the program would indicate an invalid logon attempt and then transfer control to the real logon program.

The spoofing program would write the logon and password into a disk file, which was retrieved later.

The most popular spoofing attacks today are IP spoofing, ARP spoofing, and DNS spoofing. With IP spoofing, the goal is to make the data look as if it came from a trusted host when it didn’t (thus spoofing the IP address of the sending host).

With ARP spoofing (also known as ARP poisoning), the MAC (Media Access Control) address of the data is faked. By faking this value, it is possible to make it look as if the data came from a network that it did not. This can be used to gain access to the network, to fool the router into sending the attacker data that was intended for another host, or to launch a DoS attack.

In all cases, the address being faked is an address of a legitimate user, and that makes it possible to get around such measures as allow/deny lists.
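
As an added example (not part of the original article), the Python code below shows one defensive check for ARP spoofing: it reads observed ARP replies and flags an IP address whose MAC binding changes, or a MAC address that starts answering for more than one IP. The sample replies, the addresses, and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) taken from ARP replies.
# All addresses are made up for this example.
SAMPLE_REPLIES = [
    (0, "192.168.1.1", "aa:aa:aa:00:00:01"),   # gateway
    (2, "192.168.1.20", "aa:aa:aa:00:00:20"),
    (5, "192.168.1.30", "aa:aa:aa:00:00:30"),
    (9, "192.168.1.1", "aa:aa:aa:00:00:30"),   # gateway IP now claimed by .30's MAC
    (10, "192.168.1.1", "AA-AA-AA-00-00-30"),  # same claim, different notation
    (12, "192.168.1.20", "aa:aa:aa:00:00:20"),
]


def normalize_mac(mac):
    """Lower-case and use ':' so the same MAC in different notations compares equal."""
    return mac.lower().replace("-", ":")


def find_arp_conflicts(replies):
    """Return alerts for IP-to-MAC binding changes and for MACs answering for several IPs."""
    ip_to_mac = {}                 # first binding seen for each IP (the baseline)
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed
    alerts = []
    seen = set()                   # suppress repeats of the same alert
    for ts, ip, raw_mac in replies:
        mac = normalize_mac(raw_mac)
        known = ip_to_mac.setdefault(ip, mac)
        if known != mac and ("rebind", ip, mac) not in seen:
            seen.add(("rebind", ip, mac))
            alerts.append((ts, "rebind", ip, f"{known} -> {mac}"))
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            key = ("multi", mac, frozenset(mac_to_ips[mac]))
            if key not in seen:
                seen.add(key)
                alerts.append((ts, "multi-ip", mac, ",".join(sorted(mac_to_ips[mac]))))
    return alerts


if __name__ == "__main__":
    for alert in find_arp_conflicts(SAMPLE_REPLIES):
        print(alert)
```

A rebind alert is a lead rather than proof: DHCP reassignment, a replaced network card, or a failover pair can also change an IP-to-MAC binding, so confirm against the known address of the host before acting.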

With DNS spoofing, the DNS server is given information about a name server that it thinks is legitimate when it isn’t. This can send users to a website other than the one to which they wanted to go, reroute mail, or do any other type of redirection wherein data from a DNS server is used to determine a destination.

Another name for this is DNS poisoning, and fast flux is one of the most popular techniques.


 

TIP: Always think of spoofing as fooling. Attackers are trying to fool the user, system, and/or host into believing they are something that they are not.

Because the word spoof can describe any false information at any level, spoofing can occur at any level of the network.

 

NOTE: Another DNS weakness is domain name kiting. When a new domain name is issued, there is technically a five-day grace period before you must pay for it.

Those engaged in kiting can delete the account within five days and re-register it, allowing them to have accounts that they never have to pay for.

 

The figure below shows a spoofing attack occurring as part of the logon process on a computer network.

The attacker in this situation impersonates the server to the client attempting to log in. No matter what the client attempts to do, the impersonating system disconnects from the client.

The client then logs into the legitimate server. In the meantime, the attacker now has a valid user ID and password.

 

Figure: A Spoofing Attack During Logon

The important point to remember is that a spoofing attack tricks something or someone into thinking that something legitimate is occurring.

 
