What Is a Spoofing Attack?
A spoofing attack involves nothing more than forging one's source address. It is the act of using one machine to impersonate another. To understand how this occurs, you must know a bit about authenticities.
The better portion of authentication routines known to the average user occurs at the application level. That is, these methods of authentication are entirely visible to the user.
The typical example is when a user is confronted with a password prompt on FTP or Telnet. The user enters a username and a password; these are authenticated, and the user gains access to the resource.
On the Internet, application-level authentication routines are the minority. Each second, authentication routines that are totally invisible to the user occur. The difference between these routines and application-level authentication routines is fundamental. In application-level authentication, a machine challenges the user; a machine requests that the user identify himself. In contrast, non-application-level authentication routines occur between machines. One machine demands some form of identification from another. Until this identification is produced and validated, no transactions occur between the machines engaged in the challenge-response dialog. Such machine-to-machine dialogs always occur automatically (that is, they occur without human intervention).
In the IP spoofing attack, the cracker attempts to capitalize on the automated nature of the dialog between machines. Thus, the IP spoofing attack is an extraordinary method of gaining access because in it, the cracker never uses a username or password. This, for many people, is difficult to grasp. Consequently, reports of IP spoofing have needlessly caused much fear and paranoia on the Internet.
Disediakan Oleh: Wong How Ling (A108917)