Spoofing is a fraudulent practice in which a person or malicious program is disguised as a known computer/tablet/phone by cloning device information. The purpose of these attacks is to trick the recipient into allowing the transfer of data or secure transactions. The most common spoofing attacks include IP Spoofing, ARP Spoofing, and DNS Spoofing.
IP Spoofing occurs when an attacker mimics a legitimate IP address to access network information as a trusted device. Replicating the IP address causes systems to believe the source is reputable and therefore to permit transactions with the spoofed device.
ARP (Address Resolution Protocol) Spoofing happens when the attacker hides quietly in the network, attempting to redirect network traffic to the attacker’s device instead of the intended device. The assailant then intercepts, modifies, or even stops information to and from other computers and routers. ARP spoofing can be used for DoS (denial-of-service), hijacking and other types of attacks.
DNS Spoofing is when the attacker modifies DNS (domain name system) data so that it redirects network traffic to fake servers that are made to look like legitimate servers. These fraudulent servers are then used to capture login credentials, or they are infected with malware and can be used to spread ransomware, viruses and worms throughout your system.
Here are practices that should be implemented to properly avoid these tricky spoofing attacks:
- Protect your network to prevent unauthorized access for both wired and wireless computers. Secure all locations where servers, switches, and routers are located.
- Disconnect unused network jacks from switches, especially in conference rooms and other locations where guests may be allowed.
- Use network monitoring that includes packet filtering so that inconsistencies can be found and alerts sent immediately.
- Use internal servers to handle DNS resolution.
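
The kind of inconsistency that network monitoring can look for in ARP traffic, shown as an added example that is not part of the original article. The function name `find_arp_inconsistencies` is hypothetical, and the sample replies are constructed using documentation-range IP and MAC addresses.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) as read from ARP replies.
SAMPLE_ARP_REPLIES = [
    (0, "192.0.2.1", "00:00:5e:00:53:01"),    # gateway
    (1, "192.0.2.10", "00:00:5e:00:53:10"),
    (2, "192.0.2.11", "00:00:5e:00:53:11"),
    (30, "192.0.2.1", "00:00:5e:00:53:01"),
    (31, "192.0.2.1", "00:00:5e:00:53:11"),   # gateway IP now claimed by another MAC
    (32, "192.0.2.10", "00:00:5e:00:53:10"),
    (33, "192.0.2.1", "00:00:5e:00:53:11"),   # repeated claim, alerted only once
]

def find_arp_inconsistencies(replies, known_bindings=None):
    """Return alerts for ARP replies that contradict earlier IP-to-MAC bindings.

    known_bindings: optional dict of IP -> MAC trusted in advance (e.g. the gateway).
    Without it, the first binding seen for an IP is treated as the baseline.
    """
    bindings = {ip: mac.lower() for ip, mac in (known_bindings or {}).items()}
    ips_by_mac = defaultdict(set)
    for ip, mac in bindings.items():
        ips_by_mac[mac].add(ip)
    alerts, seen_changes, multi_reported = [], set(), set()
    for ts, ip, mac in replies:
        mac = mac.lower()
        expected = bindings.setdefault(ip, mac)
        # Check 1: an IP is suddenly answered for by a different MAC.
        if expected != mac and (ip, mac) not in seen_changes:
            seen_changes.add((ip, mac))
            alerts.append({"time": ts, "type": "binding_changed", "ip": ip,
                           "expected_mac": expected, "seen_mac": mac})
        # Check 2: one MAC answers for several IPs. Routers doing proxy ARP and
        # multi-homed hosts do this legitimately, so allow-list those MACs.
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > 1 and mac not in multi_reported:
            multi_reported.add(mac)
            alerts.append({"time": ts, "type": "mac_claims_multiple_ips",
                           "mac": mac, "ips": sorted(ips_by_mac[mac])})
    return alerts

if __name__ == "__main__":
    for alert in find_arp_inconsistencies(SAMPLE_ARP_REPLIES):
        print(alert)
```
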