Knowledge Center

Packet spoofing or IP spoofing is the creation of Internet Protocol (IP) packets having a source IP address with the purpose of concealing the identity of the sender or impersonating another computing system. A spoofing attack occurs when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware, or bypass access controls.

The attacker creates an IP packet and sends it to the server, which is known as an SYN (synchronize) request. The attacker puts own source address as another computer’s IP address in the newly created IP packet. The server responds back with a SYN ACK response, which travels to the forged IP address. The attacker receives this SYN ACK response sent by the server and acknowledges it so as to complete a connection with the server. Once this is done the attacker can try various commands on the server computer. The most common methods include IP address spoofing attacks, ARP spoofing attacks, and DNS server spoofing attacks. Common measures that organizations can take for spoofing attack prevention include packet filtering, using spoofing detection software, and cryptographic network protocols.