Spoofing attacks

How to Guard Against Spoofing Attacks


Spoofing attacks trick the target by pretending to be a trustworthy host. The technique is used to gain access to a computer or system: the attacker claims to be a trusted host that can serve the target's needs, and once the target is deceived, the attacker uses the target's data and information to access the target's system and take advantage of the system that was successfully hacked.

Some forms of spoofing attack that are often used:

man-in-the-middle
routing redirect
source routing

Hackers carry out many forms of spoofing attack, but the three forms above are the ones they carry out most often.

Man-in-the-middle

MITM, or man-in-the-middle, is a form of attack by eavesdropping: the attacker creates independent connections with the targets and relays messages between them, making them believe that they are talking directly to each other over a private connection. In reality the whole conversation is controlled by the attacker, who holds back the messages in transit and changes them.

The basic concept of this attack is that the attacker sits in the middle, between two computers that are communicating, which technically allows the attacker to see, change and control the data sent between the two computers.

Routing redirect

Routing redirect is a form of attack that retrieves data sent by the target: the attacker changes the destination of the data sent by the target to his own location. The usual targets of this attack are data sent via email, company router networks and company Wi-Fi networks, and the aim is to get information from the data sent by the target.

The word redirect (re = back, direct = direction) means that the attacker carries or changes the target's data transmission path so that it leads to him.

Source routing

Source routing is, in some cases, a legitimate activity. For example, the technique can be used to find a router's IP address on the network. Attackers abuse it to learn the ins and outs of the network they intend to attack. The data will contain information about which routes and websites have been passed.

The attacker sends data into the network to collect information about the network topology used by the target. If the source routing succeeds, the attacker obtains the target's network path and can look for actions the target has carried out, and can then steal the information the target has left behind, such as accounts, uploaded data and data sent by the target.

Preventive measures

Prevention of web spoofing

1. Do not activate JavaScript in the browser, so the attacker cannot hide clues or evidence of an attack.
2. Ensure that the browser's location line is always visible.
3. Pay attention to the URL displayed on the browser's location line to make sure the URL refers to the server of the actual site visited.

Prevention of DNS spoofing

DNS spoofing can be overcome by disabling recursive queries to name servers through split DNS, which means creating two name servers. The main name server handles domain names from the public domain, while the second name server, on the internal network, is the caching name server responsible for answering queries from users requesting the domain.

Prevent ARP Spoofing

1. Check the MAC addresses using the Colasoft MAC Scanner tool.
2. Scan the network. If there are two entries with the same IP address and the client's connection to the gateway is broken, scan for viruses using an antivirus that has an up-to-date virus database.
3. After the virus scan, perform this closing step: open the Command Prompt, type: arp -s ip_address_gateway mac_address_gateway, then press the Enter key.
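
The check in steps 1 and 2 can also be scripted. The following is an added example, not part of the original article: it parses Windows `arp -a` output and flags a gateway entry that no longer matches the recorded gateway MAC, or a MAC claimed by several IP addresses. The function names and all addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output (all addresses are made up).
SAMPLE_ARP_OUTPUT = """
Interface: 192.168.1.23 --- 0x4
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.10          aa-bb-cc-dd-ee-01     dynamic
  192.168.1.77          00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2})\s+\w+", re.I)


def normalize(mac):
    """Lower-case a MAC and use '-' separators so values compare equal."""
    return mac.lower().replace(":", "-")


def parse_arp_table(text):
    """Return (ip, mac) pairs for the unicast entries in `arp -a` output."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # interface header, column titles, blank lines
        ip, mac = m.group(1), normalize(m.group(2))
        # Broadcast and multicast MACs have the low bit of the first octet set.
        if int(mac[:2], 16) & 1:
            continue
        entries.append((ip, mac))
    return entries


def find_arp_anomalies(entries, gateway_ip, known_gateway_mac):
    """Flag a gateway MAC mismatch and any MAC claimed by more than one IP."""
    findings, ips_by_mac = [], defaultdict(set)
    for ip, mac in entries:
        ips_by_mac[mac].add(ip)
        if ip == gateway_ip and mac != normalize(known_gateway_mac):
            findings.append(f"gateway {ip} resolves to {mac}, expected {known_gateway_mac}")
    # A shared MAC can be legitimate (one host with several IPs), so review each hit.
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            findings.append(f"{mac} claimed by {', '.join(sorted(ips))}")
    return findings
```

The `known_gateway_mac` argument is the value recorded while the network was known to be good, the same value that step 3 pins with `arp -s`.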

Prevent IP Spoofing

1. Installing filters on routers, using ingress and egress filtering, is the first step in defending against spoofing.
2. Implementing data authentication and encryption can also overcome IP spoofing.
