Wednesday, 25 April 2012

Security Policy

A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide.


The reason to have a security policy is to establish a baseline of the current security condition and to set up a framework for security purposes, such as defining which behaviors are allowed and which are not. It also determines which tools to use when necessary and the procedures for handling security incidents so as to mitigate them.


Network security is a continuous process cycle built around the policy, which usually involves four steps or more.


1.) Securing the network - Implement security solutions such as authentication, encryption and firewalls to prevent unauthorized access and to protect information.


2.) Monitoring security - Monitor system logging and real-time intrusion detection on the network to prevent violations of the security policy.


3.) Testing security - Validate the security and its effectiveness through system auditing and pen-testing.


4.) Updating/Improving security - Use information from the previous phases to improve and make changes to the security policy, and provide training for staff where necessary.


The following diagram shows the security policy life cycle:








References:
OLIVE teaching materials.







Common Network Attacks: Threats and Solutions


IP Spoofing


In the computer security context, IP spoofing refers to a person or program disguising itself as a trusted source by falsifying data; the purpose is to gain unauthorized access to a computer or to inflict damage on the network.


The most common spoofing attack is IP spoofing. This type of attack takes advantage of the Internet Protocol (IP), which is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite. A computer sends data over the network using IP, and each packet has a header containing the sender's source address. The attacker modifies that source address so the header carries a different address; whoever receives the spoofed packet then sends its reply to the modified source address. This technique is mainly used in denial-of-service (DoS) attacks, where the attacker does not care about the response.


Packet filtering is one solution against IP spoofing attacks. There are two filtering methods. The first is ingress filtering, usually performed by a router, which blocks packets arriving from outside the network that carry a source address belonging to the inside of the network. This helps prevent an outside attacker from spoofing the address of an internal machine.


The other method is egress filtering, usually used together with ingress filtering; it blocks packets from inside the network whose source address does not belong to the inside. This helps prevent an attacker within the network from launching IP spoofing attacks against external machines. It is also recommended to design network protocols and services so that they do not rely on the IP source address for authentication.
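The ingress and egress rules above, implemented as a small filter decision function (an added example, not code from the original post). It assumes an edge router with an "outside" and an "inside" interface and a constructed internal prefix of 192.0.2.0/24; the sample packets are constructed too.

```python
"""Anti-spoofing packet filter (added example, not code from the original post).
Assumes an edge router with an "outside" and an "inside" interface and a
constructed internal prefix 192.0.2.0/24."""
import ipaddress
from dataclasses import dataclass

INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")  # constructed internal prefix

@dataclass(frozen=True)
class Packet:
    iface: str  # interface the packet arrived on: "outside" or "inside"
    src: str    # source address from the IP header (attacker-controlled)
    dst: str    # destination address

def is_internal(addr: str) -> bool:
    return ipaddress.ip_address(addr) in INTERNAL_NET

def filter_packet(pkt: Packet) -> tuple:
    """Return (verdict, reason) for one packet.

    Ingress rule: a packet arriving from outside must not claim an internal
    source address.  Egress rule: a packet leaving from inside must carry an
    internal source address.  Replies go to whatever source the header claims,
    so the edge router is where the forged address can be caught.
    """
    try:
        internal_src = is_internal(pkt.src)
    except ValueError:
        return "DROP", "malformed source address"
    if pkt.iface == "outside" and internal_src:
        return "DROP", "ingress: internal source arriving from outside"
    if pkt.iface == "inside" and not internal_src:
        return "DROP", "egress: non-internal source leaving the network"
    return "ACCEPT", "source address consistent with arrival interface"

def apply_policy(packets) -> dict:
    """Run the filter over a batch and count verdicts."""
    counts = {"ACCEPT": 0, "DROP": 0}
    for pkt in packets:
        counts[filter_packet(pkt)[0]] += 1
    return counts

# Constructed sample traffic: two honest packets and two spoofed ones.
SAMPLE_PACKETS = [
    Packet("outside", "198.51.100.7", "192.0.2.20"),  # genuine external client
    Packet("outside", "192.0.2.10", "192.0.2.20"),    # outsider forging an inside address
    Packet("inside", "192.0.2.10", "198.51.100.7"),   # genuine internal host
    Packet("inside", "203.0.113.9", "198.51.100.7"),  # insider forging an outside address
]
```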


The following diagram shows how this is done:




Denial of service attack



A denial-of-service attack (DoS attack) is an attempt to make a computer or network resource unavailable to its intended users, either temporarily or indefinitely.


One common method of attack involves flooding the target machine with external communication requests so that it cannot respond to legitimate traffic, or responds so slowly that it is effectively unavailable. Such attacks usually lead to server overload. DoS attacks are carried out by forcing the targeted computer(s) to reset, by consuming their resources so they can no longer provide the intended service, or by obstructing the communication media between the intended users and the server so that they can no longer communicate smoothly.


The following diagram shows how this type of attack is performed:


Cisco CCNA Security: Learn Your Enemy - ICMP Flood Attack


The simplest solution is to completely disable ICMP on untrusted interfaces using a firewall or packet filtering; the more involved one is to rate-limit the transmission of ICMP requests during an attack.
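Both mitigations just described, as an added example that is not code from the original post: a per-source limit on ICMP echo requests over a sliding one-second window, with an option to drop all ICMP arriving on untrusted interfaces. The limit, addresses and timestamps are constructed for the demonstration.

```python
"""ICMP echo-request rate limiter (added example, not code from the original post).
Implements the two mitigations above: drop all ICMP on untrusted interfaces,
or cap echo requests per source over a sliding one-second window. Thresholds,
addresses and timestamps are constructed for the demo."""
from collections import defaultdict, deque

class IcmpEchoLimiter:
    def __init__(self, max_per_second: int, drop_on_untrusted: bool = False):
        self.max_per_second = max_per_second
        self.drop_on_untrusted = drop_on_untrusted
        self._recent = defaultdict(deque)  # src -> timestamps of accepted requests

    def allow(self, src: str, ts: float, trusted_iface: bool = True) -> bool:
        """True if the echo request may be answered, False if it is dropped."""
        if self.drop_on_untrusted and not trusted_iface:
            return False                      # ICMP disabled on untrusted interfaces
        q = self._recent[src]
        while q and ts - q[0] >= 1.0:         # forget requests older than one second
            q.popleft()
        if len(q) >= self.max_per_second:     # this source has used up its budget
            return False
        q.append(ts)
        return True

def run(events, limiter: IcmpEchoLimiter) -> dict:
    """Feed (src, timestamp, trusted_iface) events in time order; count outcomes."""
    counts = {"allowed": 0, "dropped": 0}
    for src, ts, trusted in sorted(events, key=lambda e: e[1]):
        counts["allowed" if limiter.allow(src, ts, trusted) else "dropped"] += 1
    return counts

# Constructed traffic: 20 echo requests from one source within half a second
# (a flood) interleaved with 3 normal requests from another source.
FLOOD = [("203.0.113.5", 0.025 * i, True) for i in range(20)]
NORMAL = [("198.51.100.9", 0.4 * i, True) for i in range(3)]

def demo() -> dict:
    """Limit of 5 echo requests per second per source on a trusted interface."""
    return run(FLOOD + NORMAL, IcmpEchoLimiter(max_per_second=5))
```

The flooding source gets only its first five requests answered while the normal source is unaffected, which is the property a rate limit offers over outright disabling ICMP.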




Sniffer attack



A sniffer is an application that can capture network packets. Sniffers are also known as network protocol analyzers. If network packets are not encrypted, the data within them can be read using a sniffer.


Sniffing refers to the process attackers use to capture network traffic with a sniffer. Once a packet is captured, its contents can be analyzed. Hackers use sniffers to capture sensitive network information such as passwords and account information.


The following diagram shows how this type of attack is performed:







The only possible solution against sniffer attacks is to set up end-to-end encryption.






References:

http://en.wikipedia.org/wiki/IP_address_spoofing
http://www.webopedia.com/TERM/I/IP_spoofing.html
http://en.wikipedia.org/wiki/Denial-of-service_attack
http://www.omnisecu.com/security/sniffer-attack.htm