Your IP: Unknown · Your Status: Unprotected Protected

Blog In Depth

What is IP spoofing and how can you protect yourself?

Dec 30, 2019 · 4 min read

What is IP spoofing and how can you protect yourself?

Your IP address is part of your online identity, but what if someone steals it? Then they can listen on your traffic, steal your sensitive data, or even commit cybercrimes under your name. This type of attack is called IP spoofing. Read on to learn more about this common tool hackers use and how to protect yourself.

What is IP spoofing and how does it work?

IP spoofing is when a hacker changes a packet’s original IP address to a fake one, most often making it look like the traffic is coming from a legitimate source. Hackers can also make it work the other way round and mask the receiver’s IP instead. How does IP spoofing work?

Your traffic gets divided into packets to send and receive information over the internet. They are all sent individually and are assembled at their destination – the receiver’s device or a website's servers, for example. Every packet of data you send has an IP header that contains information such as the source and receiver’s IP addresses. In a normal connection this data packet is transferred over the TCP/IP protocol.

However, this protocol has a loophole. It needs to complete a three-way TCP handshake to transfer information between two parties. Here’s how it works:

  1. The source sends a SYN message to the receiver. This establishes a connection and helps the two devices synchronize their sequence numbers;
  2. The receiver then sends an ACK message – an acknowledgement that the SYN was received.
  3. Source sends a SYN-ACK message back to the receiver and confirms the secure connection.

How IP spoofing works

In the most basic IP spoofing attack, the hacker intercepts the TCP handshake before step 3 – before the source manages to send its SYN-ACK message. Instead, the hacker sends a fake confirmation that includes their device address (MAC address) and a spoofed IP address, one of the original sender. Now the receiver thinks that the connection was established between the original sender but they’re actually communicating with a spoofed IP.

IP spoofing dangers

Creative hackers have come up with countless different ways to use spoofing maliciously. It can be used to attack individual users, servers, and even applications. Here are three of the most common malicious uses of IP spoofing:

#1 Bypass firewalls and IP authorization

IP address spoofing is most often used to bypass basic security measures such as firewalls that rely on blacklisting. This means that even if the attacker’s original IP is on the blacklist and should be blocked, it will get through as they’ll be hiding behind a spoofed IP.

This also applies to systems that have whitelists and only allow connection from “trusted” IPs. A bad actor can spoof a trusted IP and get into your computer network. Once they are in they can freely explore what’s inside. This is why companies shouldn’t rely on IP authorization only and use other authentication methods as well.

#2 Denial of service attacks

In a Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack, a server or a website is brought down by an overwhelming number of fraudulent requests. These requests are often made by devices infected with botnet worms whose owners don’t even know they’re part of a hacker’s private army.

However, IP spoofing can also be used to redirect fraudulent communications. The hacker can send out millions of requests for files and spoofs the IP addresses so all of those servers send their responses to the victim’s device.

#3 Man-in-the-middle attacks

These attacks are most common in unsecure Wi-Fi locations like cafes and airports. If you’re browsing an insecure HTTP address, a hacker can use IP spoofing to pretend they’re both you and the website or online service you’re speaking to, thereby fooling both parties and gaining access to your communications.

In a man-in-the-middle attack, none of the data you share is safe because a hacker is sitting there and “sniffing” all the information you exchange. Even seemingly innocent details can help them in future attacks or lead them breaking into your accounts. One of the best defenses against these types of attacks is a VPN.

Is IP spoofing illegal?

IP spoofing isn’t illegal if you don’t do anything illegal with it. For example, you may be using a VPN service or a proxy to change your IP in order to browse the internet safely and securely. Website administrators can also use programs to create thousands of fake online visitors to perform stress tests on their websites and servers.

However, IP spoofing is considered illegal if someone pretends to be someone else by using their IP and commits cyber crimes such as identity theft.

How to prevent IP spoofing

Detecting bad actors who spoofed source IP addresses is close to impossible. However, there are a few different methods that can help prevent or protect you from IP spoofing:

  • Monitoring networks for atypical activity;
  • Using stronger verification methods;
  • Placing a portion of your computing resources behind a firewall;
  • Migrating websites from IPv4 to IPv6;
  • Implementing ingress and egress filtering;
  • Using Deep Packet Inspection (DPI).

It’s almost impossible for an everyday user to spot IP spoofing, but to minimize the risks, you should:

  1. Only visit secure HTTPS websites. These websites run using the TLS/SSL protocol, meaning their connection is encrypted and secure.
  2. Use an antivirus software. Antivirus software will help you if someone does manage to spoof your traffic. A powerful antivirus program will scan incoming data packets to see if they contain known malicious code. This isn’t a complete defense, but it’s good to have in any case!
  3. Use a VPN. By encrypting your traffic, NordVPN makes it very difficult for hackers to view your traffic or spoof either your or your destination’s IP addresses. In addition, NordVPN’s CyberSec feature can help protect you from malicious or hacked sites that could expose you to spoofing attacks.

Improve your cybersecurity with NordVPN. Try now with a 30-day money-back guarantee!


Emily Green
Emily Green successVerified author

Emily Green is a content writer who loves to investigate the latest internet privacy and security news. She thrives on looking for solutions to problems and sharing her knowledge with NordVPN readers and customers.


Subscribe to NordVPN blog