IP spoofing is the practice of using a fake IP address, either to communicate with another machine or for malicious purposes.
Most Internet traffic, and many other forms of communication, use the Internet Protocol (IP). In this protocol, files, instant messenger conversations, Web pages or even voice conversations are broken up into packets, which are then sent from the source to the destination via various routes. Each packet contains the source IP address, as well as its destination IP address, so that intermediate network equipment knows where to send it. At the destination, the machine reads the source address, so that it knows where the packet came from, and then sends a reply to the machine at that address. Because each machine on the Internet is supposed to have a unique IP address, identification of the source and destination is possible.
With this structure, IP addresses are unique and can be used to identify machines, and even to track down a machine that is used for illegitimate purposes. For example, a Web server will contain logs of all the requests that it received along with the IP addresses the requests came from. Another very important use of IP addresses is for authentication.
However, it is relatively easy for a knowledgeable attacker to change the IP address in the packets in order to fool the destination host, and thus perform IP spoofing. This may be used to gain entry to certain secure networks, in which case detection of the true attacking machine is difficult.
IP spoofing is commonly used for Denial of Service (DoS) attacks. An attacker can simply flood the target with packets containing one or many fake IP addresses.
Because the IP address is not actually that of the source machine sending the packets, any replies will be sent either to the machine that owns the IP address, or nowhere, if the IP address does not exist. This suits DoS attacks because the attacker never intends to carry out genuine communication.
IP spoofing cannot be prevented in most of today's networks, but it is possible to guard against it by using packet filtering. With packet filtering, the network equipment refuses to forward packets whose IP addresses are not genuine or do not lie within a specified range.
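The filtering decision described above, as an added example that is not part of the original article. The interface names, the site prefix (a documentation range) and the partial bogon list are assumptions made for illustration.

```python
import ipaddress

# Assumptions (constructed for this example): a border router with an "inside"
# interface facing the site and an "outside" interface facing the upstream link.
# Documentation prefixes stand in for real public address ranges.
SITE_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]

# Partial list of ranges that are never valid sources on the public Internet.
BOGON_PREFIXES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def in_any(addr, networks):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in networks)


def filter_packet(interface, src):
    """Return (forward, reason) for a packet's source address on an interface."""
    try:
        addr = ipaddress.IPv4Address(src)
    except ValueError:
        return False, "malformed source address"
    if interface == "inside":
        # Egress filtering: only the site's own range may leave the site.
        if in_any(addr, SITE_PREFIXES):
            return True, "source within site range"
        return False, "source outside site range"
    if interface == "outside":
        # Ingress filtering: outside traffic must not claim an inside address.
        if in_any(addr, SITE_PREFIXES):
            return False, "inside address arriving from outside"
        if in_any(addr, BOGON_PREFIXES):
            return False, "non-routable source"
        return True, "plausible external source"
    return False, "unknown interface"


if __name__ == "__main__":
    # Constructed sample packets: (arrival interface, claimed source address).
    samples = [("inside", "198.51.100.25"), ("inside", "203.0.113.9"),
               ("outside", "198.51.100.25"), ("outside", "10.1.2.3"),
               ("outside", "203.0.113.9")]
    for interface, src in samples:
        forward, reason = filter_packet(interface, src)
        print(f"{interface:7} {src:15} {'FORWARD' if forward else 'DROP':7} {reason}")
```

The check only limits which source addresses can cross the router; a forged address that still falls inside the permitted range passes it.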
With most communications moving to a newer version of the IP protocol that has built-in authentication and encryption, it will be much harder for IP spoofing to occur. In the future, a packet will need to contain information that authenticates its source.
IP spoofing does have some legitimate uses. In some satellite communications, it takes a very long time to acknowledge that each packet has been received. During this time, some network protocols time out. IP spoofing is used to simulate acknowledgement from the destination, even though it hasn't yet occurred, which allows communication to continue. Satellite broadband Internet service providers primarily use this tactic.