Spoofing is the act of falsifying some trust between different parties. In computer security, a spoofing attack falsifies the identity presented to applications, protocols, and systems in order to gain an illegitimate advantage. Spoofing is also defined as the attacker’s ability to pass themselves off as someone else to the target system.
Spoofing can be done in different environments, protocols, and systems with different tools. Spoofing attacks are generally executed in IT environments, but there are alternative spoofing attacks which are executed in other areas such as geolocation and phone systems.
The term spoofing was created by the English comedian Arthur Roberts in the 19th century. Today, spoofing is used in computer security to describe an attack type which can be implemented in different ways with different methods.
As there are a lot of different types of systems and protocols used in today's IT systems, there are a lot of spoofing tools.
ARP is a network protocol used to resolve an IP address to a MAC address and vice versa. Generally, a host asks for the MAC address of a given IP address. ARP spoofing is executed by answering the ARP request for that IP address with a fake MAC address. ARP spoofing is a very popular technique in network attacks and is mainly used inside the LAN.
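A defender can spot the fake answers described above by watching for an IP address that suddenly maps to a new MAC address, or one MAC address answering for several IP addresses. The following is an added example, not code from the original page; the observation format and all addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies: (seconds, sender IP, sender MAC).
# 192.168.1.1 stands in for the gateway; the last two replies rebind it.
SAMPLE_REPLIES = [
    (0.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    (1.0, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    (5.0, "192.168.1.66", "02:00:00:00:00:66"),
    (6.0, "192.168.1.1", "02:00:00:00:00:66"),
    (7.0, "192.168.1.1", "02-00-00-00-00-66"),
]


def normalize_mac(mac):
    """Lower-case a MAC and use ':' separators so equal addresses compare equal."""
    return mac.strip().lower().replace("-", ":")


def detect_arp_spoofing(replies):
    """Return alerts for an IP changing MAC and for one MAC claiming several IPs."""
    ip_to_mac = {}                 # last MAC seen answering for each IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has answered for
    alerts = []
    for ts, ip, raw_mac in replies:
        mac = normalize_mac(raw_mac)
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append({"time": ts, "type": "ip-rebound", "ip": ip,
                           "old_mac": previous, "new_mac": mac})
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append({"time": ts, "type": "mac-claims-many-ips",
                               "mac": mac, "ips": sorted(mac_to_ips[mac])})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_REPLIES):
        print(alert)
```

A changed mapping is an indicator rather than proof, since a DHCP lease moving to another device or a replaced network card produces the same alert.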
IP Address Spoofing
IP address spoofing is another network-related spoofing or attack technique, where the sender or source provides fake source IP address information inside the IP packets. IP spoofing can be used for DDoS attacks, where the attacker's identity cannot be found and the attacks cannot be prevented, as every IP packet comes from a different IP address.
MAC spoofing is another type of network-related spoofing, where the network host uses a different MAC address for Layer 2 communication. The MAC address is changed in different types of attacks to prevent detection and blocking based on the attacker's MAC address and IP address. MAC spoofing can also be used to connect to a MAC-address-restricted network by presenting a fake but valid MAC address.
Some web sites use the HTTP protocol's referrer mechanism. The referrer mechanism provides the referring site when a web page is requested from another site, in order to provide some degree of authenticity. The referrer header is added to the HTTP request. When the web site we want to access processes the HTTP request, it checks the referrer header. The referrer URL can be tricky because it can be set to different URLs even when these web sites did not refer the request. Referrer spoofing can be also called as
Caller Id Spoofing
Public telephone lines provide the caller ID during the initialization phase of a call. The caller ID or name is provided by the calling party, and in some cases it can be changed. VoIP technology in particular makes it easy to change the caller ID, so a different caller ID can be presented to the remote party.
E-mail Address Spoofing
Emails use a similar header mechanism during transmission. The sender information is provided as a header inside the email, and the sender's email address is given in that information with the From: header. This header can be used for spoofing by providing fake information that abuses the receiver’s trust. The From: header can contain a different address than the original one, like firstname.lastname@example.org, even though this is not the email sender. This technique is generally used by spammers. This vulnerability is related to the SMTP protocol, which is used for transmitting emails between email servers.
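Because the From: header is only a claim, a receiver can compare it with the other sender-related headers of the same message. The following is an added example, not code from the original page; the sample message, its domains, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From: shows example.org, but the envelope sender
# (Return-Path) and Reply-To use other domains and DMARC failed.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.org
From: "Firstname Lastname" <firstname.lastname@example.org>
Reply-To: payments@example.net
To: user@example.com
Subject: Invoice

Please see the attached invoice.
"""


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if there is none."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower() if "@" in address else ""


def spoofing_indicators(raw_message):
    """List reasons to doubt that the From: header names the real sender."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    findings = []
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg[header])
        if other and other != from_domain:
            findings.append(f"{header} domain {other} != From domain {from_domain}")
    # Verdicts recorded by the receiving server (Authentication-Results header).
    results = msg.get("Authentication-Results", "")
    for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results, re.I):
        if verdict.lower() in ("fail", "softfail"):
            findings.append(f"{method.lower()}={verdict.lower()}")
    return findings


if __name__ == "__main__":
    for finding in spoofing_indicators(SAMPLE):
        print(finding)
```

A differing Return-Path alone is common with legitimate bulk-mail services, so treat it as one indicator among several. Only an Authentication-Results header added by your own receiving server should be trusted.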
Geolocation spoofing is used to present the geographic location of the client as being in a different country. Geolocation spoofing is mainly used to access entertainment content which is sometimes restricted to specific countries by using IP addresses and ASN maps. Geolocation spoofing is mainly implemented with VPN, Web Proxy, or DNS Proxy methods. VPN is the most popular method for geolocation spoofing, where the VPN user can make their web traffic appear to come from the specific country they want. The single restriction is that the VPN must have a server in the country to be used.
GPS spoofing provides fake GPS signals to GPS receivers. GPS receivers use the GPS signals provided by satellites to get a precise location. These signals are provided by satellites located in space. GPS spoofing overwrites the existing genuine GPS signals with fake ones, and the GPS receivers calculate their locations from these fake GPS signals. GPS spoofing is hard to implement because multiple GPS signals have to be created and the existing signals overwritten.
DNS is used to resolve domain names into IP addresses. The domain name resolution process can also be spoofed with fake IP addresses. DNS spoofing is also called DNS cache poisoning.
Files are identified with names and extensions. Extensions are used to specify the type or content of the file. Attackers can spoof the extension of a file in order to run executable files covertly. For example, a “test.txt.exe” file can be shown like a txt file so that the user clicks it and runs the executable file.
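A mail gateway or upload filter can check for the “test.txt.exe” pattern before a user ever sees the file. The following is an added example, not code from the original page; the extension lists are assumptions, and the displayed-name logic assumes a file manager that hides the final extension.

```python
# Assumed lists for illustration; extend them to match your environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "pif"}
DOCUMENT_EXTS = {"txt", "pdf", "doc", "docx", "xls", "xlsx", "jpg", "png"}


def split_extensions(filename):
    """Return (stem, [extensions]) with case, trailing dots and spaces normalized."""
    parts = [p.strip() for p in filename.strip(" .").lower().split(".")]
    return parts[0], [p for p in parts[1:] if p]


def displayed_name(filename):
    """Name as shown by a file manager that hides the final extension (assumption)."""
    stem, exts = split_extensions(filename)
    return ".".join([stem] + exts[:-1])


def is_extension_spoof(filename):
    """True when the real type is executable but the shown name ends like a document."""
    _, exts = split_extensions(filename)
    return (len(exts) >= 2
            and exts[-1] in EXECUTABLE_EXTS
            and exts[-2] in DOCUMENT_EXTS)


def flag_attachments(names):
    """Return (real name, displayed name) for every name that should be blocked."""
    return [(n, displayed_name(n)) for n in names if is_extension_spoof(n)]


# Constructed attachment names, including the page's own test.txt.exe.
SAMPLE_NAMES = ["test.txt.exe", "Report.PDF.scr ", "notes.txt",
                "archive.tar.gz", "setup.exe"]

if __name__ == "__main__":
    for real, shown in flag_attachments(SAMPLE_NAMES):
        print(f"block {real!r}: user would see {shown!r}")
```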
Text Message (SMS) Spoofing
SMS is a very popular and basic protocol used in phones to send text messages. It is a basic protocol in which text messages can easily be spoofed to appear as sent by other parties.
Spoofing in computer security is generally a technical action which requires some tools to implement. Below, some spoofing tools are listed for different spoofing attack types.
- admid-pack is a tool used for DNS spoofing.
- arenea is a fast tool used for DNS spoofing.
- dns-spoof is yet another DNS spoofing tool.
- lans is a MAC address spoofing tool.
- multimac is a MAC address spoofing tool.
- netcommander is an ARP spoofing tool.
Spoofing can be detected by using different techniques or methods. Some security-related applications or tools can also be used to detect, or help detect, a spoofing attack. Below we list these detection techniques and methods for spoofing attacks.
Detecting Email Spoofing
Email spoofing can be detected by using software, configuration, services, or inspection methods.
Email Security Software can detect a spoofing attack and provide detailed information about it. This software can be used on email servers or on users' computers with different configurations.
Email Security Service can also detect email spoofing attacks by examining previous attacks and collecting attacker information such as the attacker's IP address, attack technique, attack content, target types, etc.
Email Inspection can be done by the user, where some suspicious information can be detected with the human eye. The following list provides some suspicious elements inside an email.
- Sender uses Generic Email Domain
- Sender starts the mail with a
- Sender asks for the users
- The email contains
- Email text or body contains Mistakes and inconsistencies
- Email can provide links or URLs with
Protection Against Spoofing
Spoofing attacks are very popular these days and can create very serious problems. So protection against spoofing attacks is a must for every person, especially in enterprise environments.
Awareness is one of the most effective ways to protect against spoofing attacks.
Security Software is another important part of spoofing protection where awareness does not work. Especially for the technical parts, security software will work perfectly.
Security Procedures are important in order to prevent spoofing and future occurrences of the same spoofing attack.
Cryptographic and Encrypted Protocols can be used to encrypt traffic or authenticate the remote party, so that spoofing can be prevented.
Spam filter software can be used specifically against email spoofing, which is very popular.