- Spoofing attack
In the context of
network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.
Man-in-the-middle attack and internet protocol spoofing
An example from
cryptographyis the man-in-the-middle attack, in which an attacker spoofs Alice into believing the attacker is Bob, and spoofs Bob into believing the attacker is Alice, thus gaining access to all messages in both directions without the trouble of any cryptanalytic effort.
The attacker must monitor the packets sent from Alice to Bob and then guess the sequence number of the packets. Then the attacker knocks out Alice with a
SYN attackand injects his own packets, claiming to have the address of Alice. Alice's firewall can defend against some spoof attacks when it has been configured with knowledge of all the IP addresses connected to each of its interfaces. It can then detect a spoofed packet if it arrives at an interface that is not known to be connected to the IP address.
Many carelessly designed protocols are subject to spoof attacks, including many of those used on the Internet. See
Internet protocol spoofing
URL spoofing and phishing
Another kind of spoofing is "webpage spoofing," also known as
phishing. In this attack, a legitimate web page such as a bank's site is reproduced in "look and feel" on another server under control of the attacker. The intent is to fool the users into thinking that they are connected to a trusted site, for instance to harvest user names and passwords.
This attack is often performed with the aid of
URL spoofing, which exploits web browserbugs in order to display incorrect URLs in the browsers location bar; or with DNS cache poisoningin order to direct the user away from the legitimate site and to the fake one. Once the user puts in their password, the attack-code reports a password error, then redirects the user back to the legitimate site.
Some websites, especially pornographic
paysites, allow access to their materials only from certain approved (login-) pages. This is enforced by checking the Refererheader of the HTTPrequest. This referer header however can be changed (known as " Referer spoofing" or "Ref-tar spoofing"), allowing users to gain unauthorized access to the materials.
Poisoning of file-sharing networks
"Spoofing" can also refer to
copyrightholders placing distorted or unlistenable versions of works on file-sharingnetworks, to discourage downloading from these sources.
Caller ID spoofing
In public telephone networks, it has for a long while been possible to find out who is calling you by looking at the Caller ID information that is transmitted with the call. There are technologies that transmit this information on landlines, on cellphones and also with VoIP. Unfortunately, there are now technologies (especially associated with VoIP) that allow callers to lie about their identity, and present false names and numbers, which could of course be used as a tool to defraud or harass. Because there are services and gateways that interconnect VoIP with other public phone networks, these false Caller IDs can be transmitted to any phone on the planet, which makes the whole Caller ID information now next to useless. Due to the distributed geographic nature of the Internet, VoIP calls can be generated in a different country to the receiver, which means that it is very difficult to have a legal framework to control those who would use fake Caller IDs as part of a
E-mail address spoofing
The sender information shown in
* "Pirates of the Digital Millennium" by John Gantz & Jack B. Rochester, 2005, FT Prentice Hall, Upper Saddle River, NJ 07458; ISBN 0-13-146315-2.
Protocol spoofing, the benign simulating of a protocol in order to use another, more appropriate one.
Stream cipher attack
* [http://webmasters-forums.com/Web-Spoofing-t-402.html Web Spoofing]
spoofing — A security breach in which an intruder logs on to the system by pretending to be a genuine user. The intruder may obtain another person s user name and password in casual conversation or, in a more concerted attack, may use a network… … Dictionary of networking
IDN homograph attack — The internationalized domain name (IDN) homograph attack is a means by which a malicious party may seek to deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters may have … Wikipedia
SMS spoofing — is a relatively new technology which uses the short message service (SMS), available on most mobile phones and personal digital assistants, to set who the message appears to come from by replacing the originating mobile number (Sender ID) with… … Wikipedia
Protocol spoofing — is used in data communications to improve performance in situations where an existing protocol is inadequate, for example due to long delays or high error rates.Note: In a computer security context, spoofing refers to various forms of… … Wikipedia
IP address spoofing — In computer networking, the term IP (Internet Protocol) address spoofing refers to the creation of IP packets with a forged (spoofed) source IP address with the purpose of concealing the identity of the sender or impersonating another computing… … Wikipedia
ARP spoofing — Address Resolution Protocol (ARP) spoofing, also known as ARP poisoning or ARP Poison Routing (APR), is a technique used to attack an Ethernet wired or wireless network which may allow an attacker to sniff data frames on a local area network… … Wikipedia
Denial-of-service attack — DoS redirects here. For other uses, see DOS (disambiguation). DDoS Stacheldraht Attack diagram. A denial of service attack (DoS attack) or distributed denial of service attack (DDoS attack) is an attempt to make a computer resource unavailable to … Wikipedia
Smurf attack — The Smurf attack is a way of generating a lot of computer network traffic to a victim host. That is, it is a type of denial of service attack. Specifically, it floods a target system via spoofed broadcast ping messages.In such an attack, a… … Wikipedia
Login spoofing — is a technique used to obtain a user s password. The user is presented with an ordinary looking login prompt for username and password, which is actually a malicious program, usually called a Trojan horse under the control of the attacker. When… … Wikipedia
Denial of Service Attack — Als Denial of Service (DoS, zu Deutsch etwa: Dienstverweigerung) bezeichnet man einen Angriff auf einen Host (Server) oder sonstigen Rechner in einem Datennetz mit dem Ziel, einen oder mehrere seiner Dienste arbeitsunfähig zu machen. In der Regel … Deutsch Wikipedia