 - IP spoofing, also known as IP address forgery or a host file hijack, is a hijacking technique in which a cracker masquerades as a trusted host to conceal his identity, spoof a Web site, hijack browsers, or gain access to a network. Here's how it works: The hijacker obtains the IP address of a legitimate host and alters packet headers so that the legitimate host appears to be the source. When IP spoofing is used to hijack a browser, a visitor who types in the URL (Uniform Resource Locator) of a legitimate site is taken to a fraudulent Web page created by the hijacker. For example, if the hijacker spoofed the Library of Congress Web site, then any Internet user who typed in the URL www.loc.gov would see spoofed content created by the hijacker. If a user interacts with dynamic content on a spoofed page, the highjacker can gain access to sensitive information or computer or network resources. He could steal or alter sensitive data, such as a credit card number or password, or install malware . The hijacker would also be able to take control of a compromised computer to use it as part of a zombie army in order to send out spam. Web site administrators can minimize the danger that their IP addresses will be spoofed by implementing hierarchical or one-time passwords and data encryption/decryption techniques. Users and administrators can protect themselves and their networks by installating and implementating firewalls that block outgoing packets with source addresses that differ from the IP address of the user's computer or internal network.
 |
Learn more about Network Protocols and Security |
| Voice over IP Security: VoIP Threat Taxonomy: In an excerpt from Voice over IP Security, author Patrick Park reviews VoIP threats, including spam, phishing and other threats against social context. |
| Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures: In an excerpt from Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures, authors Peter Thermos and Ari Takanen discuss the strengths and weaknesses of SRTP. |
| Man-in-the-middle attacks: This chapter excerpt examines how man-in-the-middle attacks affect Fibre Channel security and how to determine if your organization is at risk. |
| VoIP Security Learning Guide: More organizations are choosing to implement VoIP telephony for its cost savings. However, securing the technology comes with its own price tag. This guide is a compilation of resources that review ... |
| VoIP protocols: A technical guide: This guide reviews SIP and H.323 and their known vulnerabilities, as well as how functional protocol testing ("fuzzing") can help defeat such problems. |
| LAST UPDATED: |
04 Jun 2007
|
 |
Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com
|
|
More resources from around the web:
|
|
Show me everything on 
