APPSEC KNOWLEDGE BASE

WHAT IS SPOOFING

The headlines today are full of data security breaches that were initiated by through spoofing, and businesses everywhere our seeking solutions to avoid becoming the victim of a spoofing attack. But what is spoofing exactly, and what can organizations do to prevent it?

Here’s a brief introduction to “What is spoofing?” that includes a spoofing definition and an overview of ways to combat attacks.

What is spoofing?

A spoofing attack is when a hacker or malicious individual impersonates another user or device on a network, duping users or systems into believing they are communicating or interacting with a different person or website.

What is spoofing intended to accomplish?

Hackers use spoofing to launch attacks, gain unauthorized access to systems, steal sensitive information or spread viruses and malware.

What is spoofing of IP addresses?

IP address spoofing involves sending IP packets from a false source address. IP spoofing is often used in denial-of-service attacks, overloading networks and devices with packets that seem to be from IP addresses belonging to legitimate sources.

What is spoofing of a DNS server?

Spoofing attacks that involve DNS servers are designed to reroute a certain domain name to a different IP address. The Domain Name System (DNS) associates domain names with IP addresses, and devices connected to the Internet rely on DNS addresses to resolve URLs and email addresses to their corresponding IP addresses. By spoofing a DNS server, hackers can direct traffic to a server that they control and that may contain files infected with malware software.

What is spoofing of the address resolution protocol?

The Address Resolution Protocol (ARP) resolves IP addresses to MAC (Media Access Control) addresses for transmitting data. In an ARP spoofing attack, hackers link their MAC address with the IP address of a legitimate member of a network. As a result, information intended for the host IP address is directed to the attacker instead. ARP spoofing can be used to launch denial-of-service attacks, session hijacking and man-in-the-middle attacks.

What is a spoofing prevention solution?

What is spoof mitigation and which solutions are most effective? In addition to configuring software firewalls correctly, successful tools and practices include:

  • Spoof detection software that can help organizations detect attacks by inspecting and certifying data before it is transmitted.
  • Cryptographic network protocols such as the Transport Layer Security (TLS), HTTP Secure (HTTPS) and other secure communications protocols that encrypt data before it is sent and authenticate data as it is received.
  • Packet filters that inspect packets as they are transmitted, and filtering or blocking packets with conflicting source address information.

Learn more about “What is spoofing?” or visit our AppSec knowledgebase to learn more about website SQL and other vulnerabilities.

 

 

contact menu