IP Address Spoofing

The IP address is equivalent to the house number of the network user. The so-called IP Address Spoofing means that an attacker impersonates another person's IP address and sends packets. Because the IP protocol does not authenticate the IP address in the packet, anyone can forge the IP address of the packet without authorization. So how to perform IP Address Spoofing? What should I pay attention to when implementing IP Address Spoofing?

IP Address Spoofing

Once an IP packet is sent out from the network, the source IP address is almost unnecessary. It is used only after the intermediate router discards it for some reason or reaches the target end. This allows a host to use the IP address of another host to send IP packets, as long as it can put such IP packets on the network. Therefore, if attackers disguise their host as a trusted friend host of the target host, they will change the source IP address in the sent IP packet to the IP address of the trusted friendly host, you can attack a trusted host by exploiting the vulnerabilities in the real authentication of the trust relationship between hosts (only confirmed by IP addresses. Note that the trust relationship refers to a trusted host that can be easily accessed by an authorized host. For example, all the R * commands in Unix use the trusted host solution. Therefore, an attacked host can change its IP address to the IP address of the trusted host to connect to the trusted host, the R * command can be used to open a backdoor for attack purposes.

To implement IP Address Spoofing, pay attention to the following two issues:

1. because the remote host only sends A response signal to the forged IP address, the attacker cannot receive the message from the remote host, that is, using host C to impersonate host B's IP address and connect to remote host, host A only sends A response signal to host B, and host C cannot receive the response;

2. to establish a connection between the attacker and the attacker, the attacker must use the correct TCP serial number.

Attackers can use IP Address Spoofing for two purposes:

1. You only want to hide your own IP address or forge abnormal packets with the same source IP address and destination IP address, but do not care whether you can receive the response from the target host, such as IP packet fragmentation or Land attacks;

2. disguise as a friendly host trusted by the target host for unauthorized services. Solution: currently, the most ideal method is to use a firewall. The firewall determines whether to allow external IP data packets to enter the LAN and check IP data packets from outside. If an external packet claims to have an internal address, it must be a spoofing packet. If the IP address of the packet is not any subnet in the firewall, it cannot leave the firewall.