The Dangers of IP Spoofing Attacks

IP Spoofing Attacks

An IP (internet protocol) address is a whole lot like a physical postal address in that it gives your computer a unique identifier that allows it to be differentiated from every other device online. There are two standards for IP addresses: IP Version 4 (abbreviated to IPv4) and IP Version 6 (IPv6). Every computer with an IP address has an IPv4 address and the majority also have an IPv6 address.

But while your IP address might be unique, meaning that its series of digits won’t be repeated exactly for any other IP address that’s handed out, hackers can sometimes attempt to spoof it. IP spoofing involves the creation of IP packets with a modified source address. Networked computers and other connected devices send and receive IP packets when they communicate, letting them know exactly who they are talking to. This is done using UDP (user datagram protocol), a connectionless transport protocol containing basic information such as source and destination port numbers and message length. If a packet is spoofed, its source address is forged either to obscure the identity of the person who sent it or to impersonate a sender (or sometimes both at once).

Imagine what would happen if you were to be sent a traditional letter with a return address written on the envelope. If you wanted to respond with a letter of your own, you would write the letter to the return address, assuming that this was the person who sent you the message. This is what IP spoofing does, causing the response to be sent to the target whose IP address is included in the spoofed message.

Because this process is automated, meaning that no human is manually writing the responses, all of this takes place without the user knowing what is going on. But what is happening on a systematic level is that the packet, containing the source IP, appears to come from a trusted sender. That allows it to get around security systems that might seek to block certain IP addresses or else to make it difficult to trace the original sender.

This exploit can be used for nasty attacks.

Port scanning and other nastiness

Port scanning is a particularly popular technique among hackers. The aim is to find services that can be used to break into systems, a bit like a thief who checks out a potential target house to see which windows or doors might allow for easy access. Port scanning starts by finding potential hosts the attacker is connected to, and mapping said hosts to their respective IP addresses. Once this has been done, hackers will then carry out a port scan to discover whether ports are open, closed, or filtered. They are looking for ports on a network that are open and will send a packet to show they are listening. Attackers can then scope out security levels to determine firewalls and potential vulnerabilities.

One way that a potential hacker will hide their identity in a port-scanning attack is with a so-called “zombie” scan or idle scan. An idle scan sends spoofed packets to a target — impersonating another computer called a zombie, the term for an internet-connected machine that has been hacked or infected by a virus or trojan horse to allow it to be remotely controlled. A zombie or idle scan is effective because, once it has been carried out, there’s no way of tracing the attacker’s real IP address.

Zombie computers are often used in a type of attack called a DDoS (distributed denial-of-service attack). In these attacks, large numbers of zombie computers are harnessed in a “botnet” used to bombard targets with fraudulent traffic with the aim of bringing down a particular service or website. DDoS attacks can last anywhere from a few minutes to several days, and can be devastating in their effect by stopping legitimate traffic from getting through, thereby rendering targeted sites useless.

There are various types of DDoS attack, including DNS amplification, in which targets are flooded with false DNS (Domain Name System) requests in order to eat up enough network bandwidth that a website or service fails.

Protecting against IP spoofing

As part of any modern cybersecurity setup, it’s immensely important to protect against the effects of IP spoofing. IP spoofing can be used to gain access to sensitive data, turn your computers into zombies, and launch DDoS attacks. Certain steps, such as migrating sites to IPv6 (the newest internet protocol), make IP spoofing more difficult through the use of authentication and encryption steps.

However, it’s strongly advised that you also consider bringing in cybersecurity experts to help safeguard against IP spoofing attacks. A seasoned professional should be able to provide tools for monitoring networks to check for any anomalous traffic using a WAF (web application firewall). In doing so, they can block malicious traffic — like UDP requests targeted at ports that don’t exist — before it reaches your website. They will also be able to ward off DDoS attacks, which can be enormously devastating to those who are targeted by them.
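The kind of check described above, sketched as an added example that is not from the original article: it reads the source address, ports and message length out of a raw IPv4/UDP packet and decides what an edge filter should do with it. The prefix `203.0.113.0/24`, the port list and all function names are assumptions, and the packets are constructed samples.

```python
import ipaddress
import struct

# Assumed values for this sketch: our own prefix, ranges that are never a
# valid source on the internet, and the UDP ports that really have a service.
OUR_NET = ipaddress.ip_network("203.0.113.0/24")
NEVER_VALID = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]
OPEN_UDP_PORTS = {53, 123}


def parse_ipv4_udp(packet: bytes) -> dict:
    """Pull source/destination address, ports and UDP length from raw bytes."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if packet[0] >> 4 != 4 or ihl < 20 or packet[9] != 17 or len(packet) < ihl + 8:
        raise ValueError("not a complete IPv4/UDP packet")
    sport, dport, length, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    return {"src": ipaddress.ip_address(packet[12:16]),
            "dst": ipaddress.ip_address(packet[16:20]),
            "sport": sport, "dport": dport, "length": length}


def ingress_verdict(packet: bytes) -> str:
    """What an edge filter does with a packet that arrived from outside."""
    try:
        f = parse_ipv4_udp(packet)
    except ValueError:
        return "drop: malformed"
    # The source field is whatever the sender wrote. A packet coming in from
    # the internet that claims one of our addresses, or a loopback/private/
    # multicast one, cannot be genuine.
    if f["src"] in OUR_NET or any(f["src"] in n for n in NEVER_VALID):
        return "drop: spoofed source"
    if f["dport"] not in OPEN_UDP_PORTS:
        return "drop: closed port"
    return "accept"


def sample(src: str, dst: str, dport: int) -> bytes:
    """Constructed packet: 20-byte IPv4 header + 8-byte UDP header, checksums 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + struct.pack("!HHHH", 40000, dport, 8, 0)
```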

IP spoofing is just one of the ways that hackers make things difficult for innocent victims online by exploiting one of the fundamental technologies developed to allow computers to talk to one another. Fortunately, the tools are there to help you fight back. This way you’ll be able to concentrate on speaking to your customers and those who rely on you — not worrying that your computer is speaking to people who may not be who they claim to be at all.