IP Spoofing
Next, let's learn about
another kind of network attack called IP spoofing.
IP spoofing is a network attack
performed when an attacker changes the source IP of
a data packet to impersonate
an authorized system and gain access to a network.
In this kind of attack,
the hacker is pretending to be someone they are
not so they can communicate over
the network with the target computer and get
past firewall rules that may prevent outside traffic.
Some common IP spoofing attacks are on-path attacks,
replay attacks, and smurf attacks.
Let's discuss these one at a time.
An on-path attack is
an attack where the malicious actor places themselves in
the middle of an authorized connection
and intercepts or alters the data in transit.
On-path attackers gain access to
the network and put themselves between two devices,
like a web browser and a web server.
Then they sniff the packet
information to learn the IP and
MAC addresses to devices
that are communicating with each other.
After they have this information,
they can pretend to be either of these devices.
Another type of attack is a replay attack.
A replay attack is
a network attack performed when
a malicious actor intercepts
a data packet in transit and delays
it or repeats it at another time.
A delayed packet can cause
connection issues between target computers,
or a malicious actor may take
a network transmission that was sent by
an authorized user and repeat it at
a later time to impersonate the authorized user.
A smurf attack is a combination of
a DDoS attack and an IP spoofing attack.
The attacker sniffs an authorized user's IP address
and floods it with packets.
This overwhelms the target computer and can
bring down a server or the entire network.
Now that you've learned about
different kinds of IP spoofing,
let's talk about how you can protect
the network from this kind of attack.
As you previously learned,
encryption should always be implemented so that the data
in your network transfers can't
be read by malicious actors.
Firewalls can be configured
to protect against IP spoofing.
IP spoofing makes it seem like
the malicious actor is an authorized user
by changing the sender's address of
the data packet to match the target network's address.
So if a firewall receives a data packet from the internet
where the sender's IP address
is the same as the private network,
then the firewall will deny the transmission
since all the devices with that IP address
should already be on the local network.
You can make sure that your firewalls
configure correctly by creating a rule to
reject all incoming traffic that has
the same IP address as the local network.
That's it for IP spoofing.
You've learned how IP spoofing is used in
some common attacks like on-path attacks,
replay attacks, and smurf attacks.