Jump to content

Spoofing attack

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 71.123.242.250 (talk) at 07:10, 1 March 2006 (URL spoofing and phishing). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

In computer security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.

Man-in-the-middle attack and internet protocol spoofing

An example from cryptography is the man in the middle attack, in which an attacker spoofs Alice into believing he's Bob, and spoofs Bob into believing he's Alice, thus gaining access to all messages in both directions without the trouble of any cryptanalytic effort.

The attacker must monitor the packets sent from Alice to Bob and then guess the sequence number of the packets. Then the attacker knocks out Alice with a SYN attack and injects his own packets, claiming to have the address of Alice. Alice's firewall can defend against some spoof attacks when it has been configured with knowledge of all the IP addresses connected to each of its interfaces. It can then detect a spoofed packet if it arrives at an interface that is not known to be connected to the IP address.

Many carelessly designed protocols are subject to spoof attacks, including many of those used on the Internet. See Internet protocol spoofing.

URL spoofing and phishing

Another kind of spoofing is "webpage spoofing," also known as phishing. In this attack, a legitimate web page such as a bank's site is reproduced in "look and feel" on another server under control of the attacker. The intent is to fool the users into thinking that they are connected to a trusted site, for instance to harvest user names and passwords.

This attack is often performed with the aid of URL spoofing, which exploits web browser bugs in order to display incorrect URLs in the browsers location bar; or with DNS cache poisoning in order to direct the user away from the legitimate site and to the fake one. Once the user puts in their password, the attack-code reports a password error, then redirects the user back to the legitimate site.

Referer spoofing

Some websites, especially pornographic paysites, allow access to their materials only from certain approved (login-) pages. This is enforced by checking the Referer header of the HTTP request. This referer header however can be changed (known as "Referer spoofing" or "Ref-tar spoofing"), allowing users to gain unauthorized access to the materials.

Poisoning of file-sharing networks

"Spoofing" can also refer to copyright holders placing distorted or unlistenable versions of works on file-sharing networks, to discourage downloading from these sources.

References

  • "Pirates of the Digital Millennium" by John Gantz & Jack B. Rochester, 2005, FT Prentice Hall, Upper Saddle River, NJ 07458; ISBN 0131463152.

See also

  • Protocol spoofing, the benign simulating of a protocol in order to use another, more appropriate one.
Retrieved from "https://en.wikipedia.org/enwiki/w/index.php?title=Spoofing_attack&oldid=41718888"