Your IP address is part of your online identity, but what if someone steals it? Then they can listen on your traffic, steal your sensitive data, or even commit cybercrimes under your name. This type of attack is called IP spoofing. Read on to learn more about this common tool hackers use and how to protect yourself.
Dec 30, 2019 · 4 min read
IP spoofing is when a hacker changes a packet’s original IP address to a fake one, most often making it look like the traffic is coming from a legitimate source. Hackers can also make it work the other way round and mask the receiver’s IP instead. What makes IP spoofing possible on the internet?
Your traffic gets divided into packets to send and receive information over the internet. They are all sent individually and are assembled at their destination – the receiver’s device or a website's servers, for example. Every packet of data you send has an IP header that contains information such as the source's and receiver’s IP addresses. In a normal connection this data packet is transferred over the TCP/IP protocol.
However, this protocol has a loophole. It needs to complete a three-way TCP handshake to transfer information between two parties. Here’s how it works:
In the most basic IP spoofing attack, the hacker intercepts the TCP handshake before step 3, that is before the source manages to send its SYN-ACK message. Instead, the hacker sends a fake confirmation including their device address (MAC address) and a spoofed IP address of the original sender. Now the receiver thinks that the connection was established with the original sender, but they’re actually communicating with a spoofed IP.
For a briefer IP spoofing explanation check our video below.
Creative hackers have come up with countless different ways to use spoofing maliciously. It can be used to attack individual users, servers, and even applications. Here are three of the most common malicious uses of IP spoofing:
IP address spoofing is most often used to bypass basic security measures such as firewalls that rely on blacklisting. This means that even if the attacker’s original IP is on the blacklist and should be blocked, it will get through as they’ll be hiding behind a spoofed IP.
This also applies to systems that have whitelists and only allow connection from “trusted” IPs. A bad actor can spoof a trusted IP and get into your computer network. Once they are in they can freely explore what’s inside. This is why companies shouldn’t rely on IP authorization only and use other authentication methods as well.
In a Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack, a server or a website is brought down by an overwhelming number of fraudulent requests. These requests are often made by devices infected with botnet worms whose owners don’t even know they’re part of a hacker’s private army.
However, IP spoofing can also be used to redirect fraudulent communications. The hacker can send out millions of requests for files and spoofs the IP addresses so all of those servers send their responses to the victim’s device.
These attacks are most common in unsecure Wi-Fi locations like cafes and airports. If you’re browsing an insecure HTTP address, a hacker can use IP spoofing to pretend they’re both you and the website or online service you’re speaking to, thereby fooling both parties and gaining access to your communications.
In a man-in-the-middle attack, none of the data you share is safe because a hacker is sitting there and “sniffing” all the information you exchange. Even seemingly innocent details can help them in future attacks or lead them breaking into your accounts. One of the best defenses against these types of attacks is a VPN.
IP spoofing isn’t illegal if you don’t do anything illegal with it. For example, you may be using a VPN service or a proxy to change your IP in order to browse the internet safely and securely. Website administrators can also use programs to create thousands of fake online visitors to perform stress tests on their websites and servers.
However, IP spoofing is considered illegal if someone pretends to be someone else by using their IP and commits cyber crimes such as identity theft.
Detecting IP spoofing is next to impossible. And even if detected, it can be too late. However, there are a few methods to protect yourself from IP spoofing:
It’s almost impossible for an everyday user to spot IP spoofing, but to minimize the risks, you should:
Improve your cybersecurity with NordVPN. Try now with a 30-day money-back guarantee!