Spoofing, Beware........

Last time we had a look over the level of attacks and how to protect yourself. Today we start a new section on IP spoofing. I will break this into smaller units as this topic is a bit technical and takes some time for grasping.

There has never been more controversy about a cracking technique than the controversy surrounding IP spoofing. IP spoofing is the most talked about and least understood method of gaining unauthorized entry to a computer system.

Following 3 points must be known at the onset of this discussion:

• Few platforms are vulnerable to this technique of IP spoofing..
  
• The technique is quite complex and is not commonly understood, even by talented crackers. It is therefore rare.
  
• IP spoofing is very easily prevented.

What Is a Spoofing ?

A spoofing attack involves nothing more than forging one's source IP address. It is the act of using one machine to impersonate another. To understand how this occurs, you must know a bit about authentication and verification.

Every user has encountered some form of authentication. This encounter most often occurs while logging onto web-based email sites like Hotmail or a network. In fact, we can consider any Web site to be a network. That network could be located in the user's home, his office, or, as in this case, the Internet. The better portion of authentication routines known to the average user occur at the application level. That is, these methods of authentication are entirely visible to the user. The typical example is when a user is confronted with a password prompt on FTP or Telnet. The user enters a username and a password; these are authenticated, and the user gains access to the resource.

On the Internet, authentication routines are the minority. Each second, authentication routines that are totally invisible to the user occur. The difference between these routines and application-level authentication routines is fundamental. In application-level authentication, a machine challenges the user; a machine requests that the user identify himself. In contrast, non-application-level authentication routines occur between machines. One machine demands some form of identification from another. Until this identification is produced and validated, no transactions occur between the machines engaged in the challenge-response dialog.

Such machine-to-machine dialogs always occur automatically. In the IP spoofing attack, the cracker attempts to capitalize on the automated nature of the dialog between machines. Thus, the IP spoofing attack is an extraordinary method of gaining access because in it, the cracker never uses a username or password. This is where man

Go To Page: 1 2