Friday, 13 January 2017


Distributed Denial of Service Attack

IP spoofing is mostly used in distributed denial of service (DDoS) attacks, in which hackers aim to consume bandwidth and resources by flooding the target host machine with as many packets as possible in a short span of time. To conduct the attack effectively, hackers spoof source IP addresses to make tracing and stopping the DDoS as difficult as possible. Here the attacker scans the internet, identifies hosts with known vulnerabilities, and compromises them by exploiting those vulnerabilities to gain root access and install the attack program.

Non-blind spoofing

This type of attack takes place when the hacker is on the same subnet as the target and can see the sequence and acknowledgement numbers of every packet. This type of spoofing is session hijacking: an attacker can bypass any authentication measures that took place when the connection was built. This is achieved by corrupting the data stream of an established connection, then re-establishing it with the attack host machine based on the correct sequence and acknowledgement numbers.

Blind spoofing

This type of attack may take place from outside, where sequence and acknowledgement numbers are not reachable. Hackers usually send several packets to the target host machine in order to sample sequence numbers, an approach that was suitable in earlier days. Nowadays almost every OS implements random sequence number generation for packets, making it difficult to predict the sequence number of packets accurately. If, however, the sequence number is compromised, information can be sent to the target host machine.

Man in the Middle Attack

This attack is also known as connection-oriented hijacking. In this attack, the attacker intercepts the legitimate communication between two parties and eliminates or modifies the information shared between the two hosts without their knowledge. This is how the attacker fools a target host and steals data by forging the original host's identity. Connection-oriented hijacking puts the TCP communication into a desynchronized state. A connection is desynchronized when the sequence number of a received packet differs from the sequence number the receiver expects. The TCP layer decides whether to buffer the packet or discard it depending on the actual value of the received sequence number. Packets are discarded or ignored when the two machines are desynchronized. The attacker may inject spoofed packets with the exact sequence numbers and change or insert messages into the communication. By staying on the communication path between the two hosts, the attacker can modify or change packets. Creating the desynchronized state in the network is the key concept of this attack.
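The receiver-side decision described above (deliver, buffer or discard, depending on the received sequence number) can be modelled for monitoring purposes. The following is an added example, not part of the original post: it follows the segment acceptability test from RFC 793, and the function names, the threshold of three consecutive discards and the sample segments are all assumptions made for illustration.

```python
# Added example: receiver-side sequence check and a desynchronization flag.
# All names and sample segments are constructed for illustration.
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def classify(rcv_nxt, rcv_wnd, seg_seq, seg_len):
    """Return 'deliver', 'buffer' or 'discard' for one received segment,
    given the next expected sequence number and the receive window."""
    first = (seg_seq - rcv_nxt) % MOD                       # first byte offset
    last = (seg_seq + max(seg_len, 1) - 1 - rcv_nxt) % MOD  # last byte offset
    if rcv_wnd == 0:
        return "deliver" if seg_len == 0 and first == 0 else "discard"
    if first == 0:
        return "deliver"   # exactly the expected sequence number
    if first < rcv_wnd:
        return "buffer"    # inside the window but ahead of rcv_nxt
    if last < rcv_wnd:
        return "deliver"   # starts early, ends in window: new tail is in order
    return "discard"       # entirely outside the window


def desync_report(rcv_nxt, rcv_wnd, segments, threshold=3):
    """Replay (seq, length) pairs from one peer against the receiver state.

    Returns (final rcv_nxt, verdicts, flagged). flagged is True once
    `threshold` consecutive segments are discarded, a heuristic sign that the
    peer's sequence numbers no longer match what the receiver expects.
    """
    pending, verdicts, run, flagged = {}, [], 0, False
    for seq, length in segments:
        verdict = classify(rcv_nxt, rcv_wnd, seq, length)
        verdicts.append(verdict)
        if verdict == "deliver":
            rcv_nxt = (seq + length) % MOD
            while rcv_nxt in pending:          # drain segments buffered earlier
                rcv_nxt = (rcv_nxt + pending.pop(rcv_nxt)) % MOD
        elif verdict == "buffer":
            pending[seq % MOD] = length
        run = run + 1 if verdict == "discard" else 0
        flagged = flagged or run >= threshold
    return rcv_nxt, verdicts, flagged


# Constructed flow that crosses the 32-bit wrap, then loses synchronization.
SAMPLE = [(0xFFFFFF00, 100), (0xFFFFFFC8, 100), (0xFFFFFF64, 100),
          (0x7A120000, 50), (0x7A120032, 50), (0x7A120064, 50)]

if __name__ == "__main__":
    print(desync_report(0xFFFFFF00, 65535, SAMPLE))
```

Ordinary retransmissions of old data are also discarded by this check, so a run of discards is a prompt to inspect the flow rather than proof of hijacking.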


This chapter explained the various types of IP spoofing and its attacks. We discussed four types of spoofing attack: distributed denial of service, non-blind spoofing, blind spoofing and man-in-the-middle, and also how these attacks can create problems for destination machines.