How do spoofing attacks occur

IP spoofing: this is how easily attackers manipulate data packets

IP addresses can be forged because the source and destination addresses that each IP packet carries in its header are not adequately protected against manipulation. There are no mechanisms to encrypt this information or to check that it is correct. A simple IP spoofing attack does not give the attacker any access to the data traffic. It only changes the address entry in the corresponding packet, while the actual IP address remains unchanged. The response to the data sent therefore does not reach the attacker, but rather the computer whose address was specified.

The fact that a third, unauthorized participant is behind the IP packet remains hidden from the responding system, which is what makes IP spoofing usable for the DoS and DDoS attacks already mentioned. The following two scenarios in particular are conceivable:

  1. Using the stolen source address, the attacker sends large numbers of data packets to various systems within the respective network. These systems respond to the contact attempt by sending a data packet of their own, to the actually uninvolved computer whose IP address was misappropriated.
  2. A targeted computer receives data packets from various fake IP addresses at the same time and is thereby overloaded.

The computers whose IP addresses the attacker steals can either be the target of the DDoS attack or act as a tool for carrying one out. In both cases the attacker remains undetected, since the sent packets appear to come from the computers whose IPs were taken over.
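Seen from the computer whose address was misappropriated in scenario 1, the visible symptom is a stream of responses to requests it never sent. The following added example (not part of the original article) flags such unsolicited responses in a list of flow records; the record layout, the function names, the thresholds and the sample data are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample records (not real traffic): (timestamp, src, dst, kind).
# Addresses come from the documentation ranges; "kind" is a hypothetical label
# a sensor would derive, e.g. from TCP flags or ICMP/DNS message types.
LOCAL = "192.0.2.10"
RECORDS = [
    (0.0, LOCAL, "198.51.100.5", "request"),
    (0.2, "198.51.100.5", LOCAL, "response"),   # answers our own request
    (1.0, "203.0.113.7", LOCAL, "response"),    # we never contacted this host
    (1.1, "203.0.113.8", LOCAL, "response"),
    (1.2, "203.0.113.9", LOCAL, "response"),
]


def unsolicited_responses(records, local_ip, window=5.0):
    """Return (timestamp, src) for responses that no recent request explains."""
    pending = defaultdict(deque)  # remote address -> times of unanswered requests
    flagged = []
    for ts, src, dst, kind in sorted(records):
        if kind == "request" and src == local_ip:
            pending[dst].append(ts)
        elif kind == "response" and dst == local_ip:
            queue = pending[src]
            while queue and ts - queue[0] > window:
                queue.popleft()  # request is too old to explain this response
            if queue:
                queue.popleft()  # one request accounts for one response
            else:
                flagged.append((ts, src))
    return flagged


def looks_like_reflection(flagged, min_sources=3):
    """Many distinct hosts answering requests we never sent suggests that our
    address is being used as a forged source elsewhere."""
    return len({src for _, src in flagged}) >= min_sources


if __name__ == "__main__":
    hits = unsolicited_responses(RECORDS, LOCAL)
    for ts, src in hits:
        print(f"{ts:5.1f}s unsolicited response from {src}")
    print("possible spoofed-source reflection:", looks_like_reflection(hits))
```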