In computer networking, the term Internet Protocol spoofing (IP spoofing) is the creation of IP packets with a forged (spoofed) source IP address. A computer network is a system for communication among two or more computers. ... Jump to: navigation, search The Internet Protocol (IP) is a data-oriented protocol used by source and destination hosts for communicating data across a packet-switched internetwork. ... A packet is the fundamental unit of information carriage in all modern computer networks. ... Jump to: navigation, search It has been suggested that Static_IP_address be merged into this article or section. ...

The header of every IP packet contains its source address. This is normally the address that the packet was sent from. By forging the header, so it contains a different address, an attacker can make it appear that the packet was sent by a different machine. This can be a method of attack used by network intruders to defeat network security measures, such as authentication based on IP addresses. Security is being free from danger. ... Jump to: navigation, search In computer security, authentication (Greek: αυθεντικός, from authentes=author) is the process by which a computer, computer program, or another user attempts to confirm that the computer, computer program, or user from whom the second party has received some communication is, or is not, the claimed first...

This type of attack is most effective where trust relationships exist between machines. For example, it is common on some corporate networks to have internal systems trust each other, so that a user can log in without a username or password provided they are connecting from another machine on the internal network (and so must already be logged in). By spoofing a connection from a trusted machine, an attacker may be able to access the target machine without authenticating.

Packet filtering is one defence against IP spoofing attacks. The gateway to a network should perform ingress filtering; blocking of packets from outside the network with a source address inside the network. This prevents an outside attacker spoofing the address of an internal machine. Ideally outgoing packets should also be filtered, dropping packets from inside the network with a source address that is not inside (egress filtering); this prevents an attacker within the network performing filtering from launching IP spoofing attacks against external machines. A network layer firewall works as a packet filter by deciding what packets will pass the firewall according to rules defined by the administrator. ... Jump to: navigation, search The introduction to this article provides insufficient context for those unfamiliar with the subject matter. ... Jump to: navigation, search In computer networking, the term Egress filtering makes a network more secure and therefore less prone to attack from hackers. ...

Some higher-level protocols provide their own defence against IP spoofing. For example, Transmission Control Protocol (TCP) uses sequence numbers negotiated with the remote machine to ensure that arriving packets are part of an established connection. The poor implementation of TCP sequence numbers in many older operating systems and network devices, however, means that spoofing is often still possible. Jump to: navigation, search The Transmission Control Protocol (TCP) is one of the core protocols of the Internet protocol suite. ...

The attacker is limited by the fact that any reply packets that the destination may send are sent to the spoofed source address. However, an attacker can utilize this property of IP spoofing in techniques such as smurf attacks and SYN floods. The smurf attack, named after its exploit program, is a denial-of-service attack which uses spoofed broadcast ping messages to flood a target system. ... Jump to: navigation, search A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a targets system. ...

Protocol spoofing is also used as a data compression technique, and was used as early as 1985 when the Hayes Smartmodem incorporated spoofing of portions of the UUCP protocol to improve throughput. In this context, protocol headers and trailers are trimmed down or removed entirely, and then reconstructed at the far end. UUCP stands for Unix to Unix CoPy, and is a computer program and protocol allowing remote execution of commands and transfer of files, email and netnews between Unix computers not connected to the Internet proper in a Store_and_forward fashion. ...

The term spoofing is also sometimes used to refer to header forgery, the insertion of false or misleading information in email or netnews headers. Falsified headers are used to mislead the recipient, or network applications, as to the origin of a message. This is a common technique of spammers and sporgers, who wish to conceal the origin of their messages to avoid being tracked down. Less fraudulently, some netnews users place obviously false email addresses in their headers to avoid spam or other unwanted responses. E-mail, or email, is short for electronic mail and is a method of composing, sending, and receiving messages over electronic communication systems. ... Usenet is a distributed Internet discussion system that evolved from a general purpose UUCP network of the same name. ... A KMail folder full of spam emails collected over a few days. ... Sporgery is the disruptive act of posting a flood of articles to a Usenet newsgroup, with the article headers falsified so that they appear to have been posted by others. ... Jump to: navigation, search E-mail has become the subject of much abuse, in the form of both spamming and E-mail worm programs. ...

See also

• Router (includes a list of manufacturers)
• Network address translation
• Spoofed URL

Jump to: navigation, search A router is a computer networking device that forwards data packets across an internetwork toward their destinations, through a process known as routing. ... Jump to: navigation, search In computer networking, the process of network address translation (NAT, also known as network masquerading or IP-masquerading) involves re-writing the source and/or destination addresses of IP packets as they pass through a router or firewall. ... Jump to: navigation, search A Spoofed URL describes one website that poses as another. ...

External links

• Show your IP address
• White Hat, Black Hat, Grey Hat links