STEP 9 - IP SPOOFING AND ITS USE


As we have covered almost all topics of scanning this is the last topic that come under scanning....


First of all ..

WHAT IS IP SPOOFING??
Ip spoofing is basically encrypting your Ip address so that it appears something else to attacker or victim i.e it is the virtual Ip address..


~ IP Spoofing is when an attacker changes his IP address so that he appears to be someone else.
~ When the victim replies back to the address, it goes back to the spoofed address and not to the attacker’s real address.
~ You will not be able to complete the three-way handshake and open a successful TCP connection by spoofing an IP address.


HOW TO DETECT IP SPOOFING ??


When an attacker is spoofing packets, he is usually at a different location than the address being spoofed
Attacker's TTL(Time to Live i.e Time for which IP is allocated for use) will be different from the spoofed address' real TTL. If you check the received packet’s TTL with spoofed one, you will see TTL doesn't match.

These things are blocked in latest versions of Windows i.e after SP3. Firewall will itself block any spoofing attacks...


This Is all about the IP spoofing and Scanning Part.  

0 comments:

Post a Comment

Sponsers