IP Address Spoofing to DNS Spoofing Attacks in Detail

A spoofing attack is the act of bypassing a user’s authentication over the network to steal their data or spread malware. Attackers can use various spoofing methods to get into your system, including Address Resolution Protocol (ARP) spoofing, IP address spoofing, and DNS server spoofing.

Website Spoofing

In website spoofing, the attacker creates a website similar to the targeted webpage, sometimes with the same URL, to mislead end users. In this way, the attacker draws traffic to the fake site to obtain users’ sensitive data and compromise their security.

Sometimes attackers use a masked or cloaked URL, forwarding the domain or inserting control characters so that the URL looks like the genuine address of the targeted website.

DNS Spoofing

Domain name server spoofing is also known as DNS cache poisoning. In this attack, the attacker corrupts the DNS data responsible for pointing the site’s main URL to the IP address of the website. As a result, the name server returns a fake IP address that redirects users to the attacker’s spoofed page.

A poisoned DNS cache contains incorrect entries. Suppose attackers gain control of a DNS server and change a few records in it. They can, for example, redirect the address a name points to so that it leads to a malicious page, and collect users’ sensitive information through that page. The poisoning can also spread when multiple service providers receive name server data from the compromised server: the poisoned entry is cached in the service providers’ name servers, then propagates to end users’ routers and is cached in their local hardware resources.

IP Address Spoofing

In IP address spoofing, the attacker sends spoofed packets to the destination node with a false source IP address to break its security. Denial-of-service attacks use IP spoofing to overload a network with packets and exhaust the resources’ capacity to serve further requests.

IP spoofing can be performed in two ways. The first sends multiple packets to the receiver’s machine from fake addresses. It works directly, sending massive traffic to the victim’s machine, which cannot handle that amount of data.

The second tactic spoofs the victim’s IP address and sends packets bearing the victim’s address to multiple recipients over the network. When another machine receives such a packet, it automatically replies to the apparent sender. Since the packets appear to come from a trusted IP address, the flood of response packets is sent back to the target’s IP address.

Email Spoofing

Sometimes attackers send spoofed emails from a fake sender address. They change the email header to deceive recipients with modified message content. Receivers think that the mail originated from the actual source and possibly respond to it, which is the primary motive of the sender. These spoofed emails can carry malware to be installed on the recipient’s device, spoofed links, or requests for user credentials.

Address Resolution Protocol (ARP) Attacks

ARP spoofing is a method where an attacker sends false messages over the local area network that link the attacker’s MAC address with the receiver’s IP address. Once the link is made, the attacker starts receiving data destined for the receiver’s IP address. With the connection established, the attacker can modify, intercept, or even stop data in transit.

With ARP spoofing attacks, one can steal sensitive information about an organisation. ARP spoofing can be used in DoS attacks, session hijacking, and man-in-the-middle attacks:

  • In DoS attacks, multiple IPs are linked with the target’s MAC address to overload the target’s website with traffic.
  • In session hijacking, ARP spoofing is used to steal session IDs, which grants the attacker access to sensitive data or systems.
  • Man-in-the-middle attacks use ARP spoofing to modify the traffic between the sender and the receiver.
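
Both effects described above, an IP address being re-linked to a different MAC address and one MAC address being linked with several IPs, are visible to a defender who records ARP replies. The following is an added example, not part of the original article; the log line format, the function names and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: ARP replies as "<time> <ip> is-at <mac>" (format assumed).
SAMPLE_LOG = """\
10:00:01 192.0.2.1 is-at 00:00:5e:00:53:01
10:00:02 192.0.2.20 is-at 00:00:5e:00:53:20
10:00:03 192.0.2.66 is-at 00:00:5e:00:53:66
10:05:10 192.0.2.1 is-at 00:00:5e:00:53:66
10:05:11 192.0.2.20 is-at 00:00:5e:00:53:66
not an arp line
10:06:00 192.0.2.20 IS-AT 00-00-5E-00-53-66
"""

LINE_RE = re.compile(
    r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+is-at\s+"
    r"([0-9a-f]{2}(?:[:-][0-9a-f]{2}){5})$", re.I)

def parse_arp_log(text):
    """Yield (time, ip, mac); skip unparseable lines, normalise MAC notation."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, ip, mac = m.groups()
            yield ts, ip, mac.lower().replace("-", ":")

def find_arp_anomalies(text, max_ips_per_mac=1):
    """Return (rebinds, shared): IP-to-MAC changes and MACs claiming several IPs."""
    current = {}                   # ip -> MAC most recently announced for it
    ips_by_mac = defaultdict(set)  # mac -> every IP it has announced
    rebinds = []
    for ts, ip, mac in parse_arp_log(text):
        old = current.get(ip)
        if old is not None and old != mac:
            rebinds.append((ts, ip, old, mac))  # the IP moved to a new MAC
        current[ip] = mac
        ips_by_mac[mac].add(ip)
    shared = {mac: sorted(ips) for mac, ips in ips_by_mac.items()
              if len(ips) > max_ips_per_mac}
    return rebinds, shared

if __name__ == "__main__":
    rebinds, shared = find_arp_anomalies(SAMPLE_LOG)
    for ts, ip, old, new in rebinds:
        print(f"{ts} {ip} moved from {old} to {new}")
    for mac, ips in shared.items():
        print(f"{mac} claims {', '.join(ips)}")
```

Failover pairs, DHCP reassignment and routers answering for several addresses produce the same pattern legitimately, so hits from a check like this are leads to compare against known gateway and server MAC addresses rather than proof of spoofing.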

Login Spoofing

Attackers sometimes use login spoofing techniques to steal a user’s password. They present an ordinary-looking login panel to capture the user’s credentials, such as username or password. The page is really a malicious program, a trojan horse, controlled by the attacker, whose plan succeeds once the user enters login details.

So we can see that the World Wide Web is not a secure place. To maximize the security of your system, you need to stay up to date with current technologies and solutions. But remember one thing: technology changes every day, and so do attack techniques.