There are many varieties of spoofing attacks an attacker can target network hosts, steal sensitive data or spread dangerous malware throughout the network. Some of the common varieties of spoofing attacks include IP address spoofing, ARP spoofing, and DNS server spoofing.
- IP address Spoofing - This is one of the most popular forms of spoofing attacks and involves the attacker sending IP packets (small bits of information) from a fake source. This is done in order to hide the origin of the IP packets. Most DDOS or denial-of-service-attacks involve some kind of IP spoofing. There are two main ways of IP spoofing. The first method involves flooding the target with IP packets from multiple fake sources which cause the target systems to overload. The second method works by imitating the target's IP address and sending packets to all other devices on the network. Whenever another machine accepts a packet, it will communicate back with the sender. The response is sent to the actual sender instead of the fake ID. This way, the target's system will be flooded with too many responses. IP based spoofing attacks are also used to bypass common forms of address-based authentication systems.
- ARP Spoofing - ARP, short for address resolution protocol, is a network protocol that is used to resolve IP addresses to MAC addresses. This is done for transmitting data from the computer. In ARP spoofing, the hacker sends ARP messages from a fake source across a local area network. This is done to link the MAC address of the attacker with any IP address on the network. This causes all the data that is being sent through the network to flow into the attacker’s hands instead of the victim’s system. ARP spoofing is commonly used for such data thefts and to modify in-transit messages.
- DNS server spoofing - DNS servers are used for assigning specific URLs, email addresses and other kinds of links to the website. DNS servers allow website names to be presented in a human-readable format. Each domain name is connected to a certain IP address. In DNS server spoofing, the attacker gains access into the DNS server so that the URL directs the viewers to a different IP address. This is the most common tactic for spreading viruses and worms.
Related Article: How To Identify Malvertising