As technology spreads around the world, connecting people and organizations on a level never before experienced, cybercriminals have more potential victims under their watchful eyes. In this article, we are going to look into it’ip spoofing’, one of the methods employed by these bad actors and how it can be countered.
IP spoofing is a trick used by cyber criminals System origin to create and send Internet Protocol (IP) packets, (used for communication with other computer systems) either to hide your identity or to target a website or organization with a cyber attack to confuse. IP spoofing is commonly used to orchestrate DDoS Cyber attacks which we have mentioned earlier in one of our articles. In IP spoofing, the IP packet, which contains routing information including the source address, is given a different origin or source address to mask the actual system, hence the terminology.
Think of it as if you are getting unwanted calls at home from a new, unknown number. If you want to stop receiving calls, how do you do that? You block that number. But since the number is fake (hypothetically), you will get another call from another number, which is also fake. You block him, a new call comes in with a third unknown number, while you cannot understand the original number the call is being made from. In layman’s terms, this is the principle of IP spoofing. To receive such calls, there should be a provision, a filter, which is able to detect such calls and block them automatically. We will talk about this later in the article.
With a false source IP address, which is constantly changing, blocking malicious requests will not work. IP spoofing is used to disguise the true identity of the sender and to gain access to another device, posing as someone else.
So, how do cyber security experts deal with this kind of threat? using a technique called ingress filtering, which is a type of packet filtering. It is executed on a network edge device, which monitors the incoming IP packets and examines the source headers of them all as they arrive. Source headers that do not match the actual source headers or look suspicious are disallowed.
Another method of employing ingress filtering is to examine the source header while IP packets are leaving the network. This is usually done to prevent someone within the network from launching an IP spoofing-based cyber attack.
,