|
|
|
|
|
Spoofing AttackA spoofing attack, in computer security terms, refers to a situation in which one person or program is able to masquerade successfully as another. An example from cryptography is the man in the middle attack, in which an attacker spoofs Alice into believing he's Bob, and spoofs Bob into believing he's Alice, thus gaining access to all messages in both directions without the trouble of any cryptanalytic effort. The attacker must monitor the packets sent from Alice to Bob and then guess the sequence number of the packets. Then the attacker knocks out Alice with a SYN attack and injects his own packets, claiming to have the address of Alice. Alice's firewall can defend against spoof attacks when it has been configured with knowledge of all the IP addresses connected to each of its interfaces. It can then detect a spoofed packet if it arrives from an interface that is not known to be connected to that interface. Many carelessly designed protocols are subject to spoof attacks, including many of those used on the Internet. See internet protocol spoofing. Another kind of spoofing is "web page spoofing," also known as phishing. In this attack, a web page is reproduced in "look and feel" to another server but is owned and operated by someone else. It is intended to fool someone into thinking that they are connected to a trusted site. Typically, a bank's log-in page might be spoofed by a crook. The crook then harvests the user names and passwords. This attack is often performed with the aid of DNS cache poisoning in order to direct the user away from the legitimate site and into the false one. Once the user puts in their password, the attack-code reports a password error, then redirects the user back to the legitimate site. "Spoofing" can also refer to copyright holders placing distorted or unlistenable versions of works on file-sharing networks, to discourage downloading from these sources.
|
 |
|
| Copyright 2005-2009 OnPedia.com. All Rights Reserved |
|
|