You are here: Computer Attacks and Prevention > Subtopic 3 > Content

Subtopic 3: Spoofing

Spoofing can lead you to believe that you are visiting a trusted site or receiving email from a known individual when in reality you are being misled or misdirected. Prevention requires a combination of hardware and training in order to be successful. Several types of spoofing exist. Two of the most common are web spoofing and Domain Name Server (DNS) spoofing.

Web spoofing tricks users into thinking they are visiting a genuine site when in reality they are visiting a site created by an attacker.  This fake site may appear to be an exact copy of the genuine site, but requires the user to provide sensitive information such as login information or credit card information to the attacker. Such an attack also has components of a social engineering attack.

A DNS spoofing attack is similar to web spoofing in that users are routed to the wrong web address. Rather than tricking a user into visiting a site, this type of attack works by attacking a server’s ability to match domains with their associated IP addresses. By compromising the manner in which a web page is mapped to the correct server, an attacker can hijack traffic meant for one site and direct it to another.

Prevention - Spoofing

Since spoofing works at the hardware level and often relies on social engineering techniques, prevention relies on a multi-pronged approach.  On the hardware side, you should make sure that source routing is disabled on all internal routers.  Source routing is an IP option that allows the originator of a packet to specify what path that packet will take, and what path return packets sent back to the originator will take. Turning this off will help keep the server routing information from being intercepted and returned by attackers.

User training is vital to help prevent web spoofing attacks from being successful. Users should be informed to report any unexpected requests for sensitive information to the appropriate entity.

References

Further reading and research can be found at the following links:

• http://www.cs.princeton.edu/sip/pub/spoofing.html
• http://www.securityfocus.com/infocus/1674
• http://www.webopedia.com/TERM/P/phishing.html