December 30, 2013

3.2.6 Spoofing


A spoofing attack is an attempt to masquerade as someone else. There are a variety of spoofing attacks, including:
  • Spoofing email messages to trick the recipient into accepting an email from an attacker
  • Creating fake logon programs that attempt to capture a user ID and password
  • Spoofing IP addresses to make traffic appear to come from a trusted source
  • DNS spoofing, which involves an attempt to populate a name server database with false information. This can result in a user being sent to a website other than the one intended.

Spoofing is making data appear to come from someone or somewhere other than where it originated by maliciously modifying TCP/IP source information. The goal of spoofing attacks is to gain illegitimate access to a resource.

A number of the TCP/IP protocols (DNS, IP, ARP, ICMP, SMTP, NTP, etc.) are vulnerable to spoofing attacks as they were not designed with authentication as a core feature. As such, without extra measures, they are vulnerable to attacks such as man-in-the-middle which depend on an attacker assuming the identity of a legitimate user.

Email spoofing is a common type of spoofing attack. It is the process of faking a sender's e-mail address, so that the email appears to have come from someone else. Header fields, e.g. the From field, can be faked. In the headers below, what the user sees is that the email came from "-Letter-From-Santa-"; this is easily manipulated to read anything. Spammers will keep trying different text in the From, Subject and other fields in an effort to find one that will get the reader to open the email message.

From -Letter-From-Santa- Sun Dec 15 50:07:46 2013
Return-Path: <lettersfromsanta@<deleted>.net>
Received: from  (HELO >.net)
by .com with SMTP; Sun, 15 Dec 2013 08:55:03 +0000
Subject: [Get Your Child a Personal Letter From Santa!]
From: "-Letter-From-Santa"
Date: Sun, 15 Dec 2013 50:07:46 -0800
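
The check below is an added example, not part of the original post: it parses a message's headers and flags the sender-controlled fields that do not add up, as in the sample above. The hosts example.net and example.com are placeholders for the redacted ones, and the function names and flag strings are made up for illustration.

```python
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample modeled on the headers above; example.net and
# example.com are placeholders standing in for the redacted hosts.
SPOOFED = """\
Return-Path: <lettersfromsanta@example.net>
Received: from mail.example.net (HELO mail.example.net)
 by mx.example.com with SMTP; Sun, 15 Dec 2013 08:55:03 +0000
Subject: [Get Your Child a Personal Letter From Santa!]
From: "-Letter-From-Santa"
Date: Sun, 15 Dec 2013 50:07:46 -0800

"""

def domain_of(value):
    """Lowercased domain of an address header, or None if it has no address."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else None

def parse_date(value):
    """Timezone-aware datetime, or None when the value is not a valid date."""
    try:
        dt = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def header_warnings(raw):
    """Return triage flags for sender-controlled headers that do not add up."""
    msg = message_from_string(raw)
    flags = []
    from_dom, path_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if from_dom is None:
        flags.append("from-has-no-address")
    elif path_dom and from_dom != path_dom:
        flags.append("from-returnpath-mismatch")
    sent = parse_date(msg["Date"])
    # The topmost Received header is stamped by the receiving mail server.
    received = parse_date((msg.get_all("Received") or [""])[0].rpartition(";")[2])
    if sent is None:
        flags.append("date-invalid")
    elif received and abs(received - sent) > timedelta(days=1):
        flags.append("date-far-from-received")
    return flags

if __name__ == "__main__":
    print(header_warnings(SPOOFED))
```

A From/Return-Path mismatch also occurs with legitimate mailing lists and bulk senders, so these flags are triage signals rather than proof of forgery.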

Vigilance is a key countermeasure to most spoofing attacks. Whenever possible, manually type in the address of a website instead of clicking on a link, especially a link in an email or on a website. Be careful with email from senders you do not recognize. Be equally careful even if you recognize the sender, as the From header field can be faked. Stay up-to-date with patches for the operating system, web browsers, email clients and other applications. Maintain an up-to-date antivirus application.

Just because you are paranoid does not mean they are not out to get you.
