Jump to content

Spoofing attack

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 203.111.78.178 (talk) at 00:57, 4 March 2004. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

A spoofing attack as a computing network term that means to deprive a service by fooling someone or something in the chain of communication.

Specifically, a TCP/IP spoof attack is a way to hijack a session between two machines. The attacker must monitor the packets sent from A to B and then guess the sequence number of the packets. Then the attacker knocks out A with a SYN attack and injects his own packets, claiming to have the address of A. A firewall can defend against spoof attacks when it has been configured with knowledge of all the IP addresses connected to each of its interfaces. It can then detect a spoofed packet if it arrives from an interface that is not known to be connected to that interface.

Another kind of spoofing is "web page spoofing". In this attack, a web page is reproduced in "look and feel" to another server but is owned and operated by someone else. It is intended to fool someone into thinking that they are connected to a trusted site. Typically, a bank's log-in page might be spoofed by a crook. The crook then harvests the user names and passwords. This attack is often performed with the aid of DNS cache poisoning in order to direct the user away from the legitimate site and into the false one. Once the user puts in their password, the attack-code reports a password error, then redirects the user back to the legitmate site.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Spoofing_attack&oldid=2619506"