Jump to content

Spoofing attack

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Haham hanuka (talk | contribs) at 17:43, 22 October 2005. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

You must add a |reason= parameter to this Cleanup template – replace it with {{Cleanup|reason=<Fill reason here>}}, or remove the Cleanup template.
 A spoofing attack, in computer security terms, refers to a situation in which one person or program is able to masquerade successfully as another.

A common technic of spoofing is a ref-tar spoofing. Some websites are accessible only by visiting them by clicking on a link from another website. With the help of some applications you can easily "spoof" these websites by "telling" them that you are visiting them by clicking on a link from specific website.

An example from cryptography is the man in the middle attack, in which an attacker spoofs Alice into believing he's Bob, and spoofs Bob into believing he's Alice, thus gaining access to all messages in both directions without the trouble of any cryptanalytic effort.

The attacker must monitor the packets sent from Alice to Bob and then guess the sequence number of the packets. Then the attacker knocks out Alice with a SYN attack and injects his own packets, claiming to have the address of Alice. Alice's firewall can defend against spoof attacks when it has been configured with knowledge of all the IP addresses connected to each of its interfaces. It can then detect a spoofed packet if it arrives from an interface that is not known to be connected to that interface.

Many carelessly designed protocols are subject to spoof attacks, including many of those used on the Internet. See Internet protocol spoofing.

Another kind of spoofing is "web page spoofing," also known as phishing. In this attack, a web page is reproduced in "look and feel" to another server but is owned and operated by someone else. It is intended to fool someone into thinking that they are connected to a trusted site. Typically, a bank's log-in page might be spoofed by a crook. The crook then harvests the user names and passwords. This attack is often performed with the aid of DNS cache poisoning in order to direct the user away from the legitimate site and into the false one. Once the user puts in their password, the attack-code reports a password error, then redirects the user back to the legitimate site.

"Spoofing" can also refer to copyright holders placing distorted or unlistenable versions of works on file-sharing networks, to discourage downloading from these sources..

From "Pirates of the Digital Millennium" by John Gantz & Jack B. Rochester, 2005, FT Prentice Hall, Upper Saddle River, NJ 07458; ISBN0-13-146315-2.

Retrieved from "https://en.wikipedia.org/enwiki/w/index.php?title=Spoofing_attack&oldid=26199638"