Spoofing Attack: IP, DNS & ARP

Home - Security 4ever - Security ddos attack - Security hack website


What Is a Spoofing Attack?

A spoofing attack is when a malicious party impersonates another device or user on a network in order to launch attacks

 against network hosts, steal data, spread malware or bypass access controls.

There are several different types of spoofing attacks that malicious parties can use to accomplish this.

Some of the most common methods include IP address spoofing attacks, ARP spoofing attacks and DNS server spoofing attacks.

IP Address Spoofing Attacks

IP address spoofing is one of the most frequently used spoofing attack methods.

 In an IP address spoofing attack, an attacker sends IP packets from a false (or ďspoofedĒ) source address

in order to disguise itself.

 Denial-of-service attacks often use IP spoofing to overload networks and devices with packets

that appear to be from legitimate source IP addresses.

There are two ways that IP spoofing attacks can be used to overload targets with traffic.

One method is to simply flood a selected target with packets from multiple spoofed addresses.

This method works by directly sending a victim more data than it can handle.

The other method is to spoof the targetís IP address and send packets from that address to many different recipients on the network.

 When another machine receives a packet, it will automatically transmit a packet to the sender in response.

Since the spoofed packets appear to be sent from the targetís IP address,

all responses to the spoofed packets will be sent to (and flood) the targetís IP address.

IP spoofing attacks can also be used to bypass IP address-based authentication.

 This process can be very difficult and is primarily used when trust relationships are in place

between machines on a network and internal systems.

Trust relationships use IP addresses (rather than user logins) to verify machinesí

identities when attempting to access systems.

This enables malicious parties to use spoofing attacks to impersonate machines

with access permissions and bypass trust-based network security measures.

ARP Spoofing Attacks

ARP is short for Address Resolution Protocol,

a protocol that is used to resolve IP addresses to MAC (Media Access Control) addresses for transmitting data.

 In an ARP spoofing attack, a malicious party sends spoofed ARP messages across a local area network in

order to link the attackerís MAC address with the IP address of a legitimate member of the network.

This type of spoofing attack results in data that is intended for the hostís IP address

getting sent to the attacker instead. Malicious parties commonly use ARP spoofing to steal information

modify data in-transit or stop traffic on a LAN. ARP spoofing attacks can also be used to facilitate other types

 of attacks, including denial-of-service, session hijacking and man-in-the-middle attacks.

 ARP spoofing only works on local area networks that use the Address Resolution Protocol.

DNS Server Spoofing Attacks

The Domain Name System (DNS) is a system that associates domain names with IP addresses.

Devices that connect to the internet or other private networks rely on the DNS for resolving URLs,

email addresses and other human-readable domain names into their corresponding IP addresses.

In a DNS server spoofing attack, a malicious party modifies the DNS server in order to reroute a specific domain

 name to a different IP address. In many cases, the new IP address will be for a server that is actually

 controlled by the attacker and contains files infected with malware. DNS server spoofing attacks

 are often used to spread computer worms and viruses.

Spoofing Attack Prevention and Mitigation


There are many tools and practices that organizations can employ to reduce the threat of spoofing attacks.

 Common measures that organizations can take for spoofing attack prevention include:

By S4curity 4ever