Google
 
   
Login
Username:

Password:


Lost Password?

Register now!
Search

Advanced Search
Main Menu
service
Impressum
Datenschutz
Haftungsausschluss
top books
Polls
What do you think about php-deluxe.net?
Excellent!
Cool
Hmm..not bad
What the hell is this?
encyclopedia
Pseudocode
General Data Format...
Nova 100
Hypodermic needle model
Bedroom programming
Foreach
Hacker
recommendation
Freenet DSL
Who's Online
7 user(s) are online (5 user(s) are browsing encyclopedia)

Members: 0
Guests: 7

more...
partner

Spoofing attack

A spoofing attack, in computer security terms, refers to a situation in which one person or program is able to masquerade successfully as another.

A common technic of spoofing is a ref-tar spoofing. Some websites are accessible only by visiting them by clicking on a link from another website. With the help of some applications you can easily spoof these websites by telling them that you are visiting them by clicking on a link from specific website.

An example from Cryptography is the man in the middle attack, in which an attacker spoofs Alice into believing he s Bob, and spoofs Bob into believing he s Alice, thus gaining access to all messages in both directions without the trouble of any cryptanalysis effort.

The attacker must monitor the packets sent from Alice to Bob and then guess the sequence number of the packets. Then the attacker knocks out Alice with a SYN attack and injects his own packets, claiming to have the address of Alice. Alice s firewall (networking) can defend against spoof attacks when it has been configured with knowledge of all the IP addresses connected to each of its interfaces. It can then detect a spoofed packet if it arrives from an interface that is not known to be connected to that interface.

Many carelessly designed protocols are subject to spoof attacks, including many of those used on the Internet. See Internet protocol spoofing.

Another kind of spoofing is web page spoofing, also known as Phishing. In this attack, a web page is reproduced in look and feel to another server but is owned and operated by someone else. It is intended to fool someone into thinking that they are connected to a trusted site. Typically, a bank s log-in page might be spoofed by a crook. The crook then harvests the user names and passwords. This attack is often performed with the aid of DNS cache poisoning in order to direct the user away from the legitimate site and into the false one. Once the user puts in their password, the attack-code reports a password error, then redirects the user back to the legitimate site.

Spoofing can also refer to Copyright holders placing distorted or unlistenable versions of works on File sharing networks, to discourage downloading from these sources..

From Pirates of the Digital Millennium by John Gantz & Jack B. Rochester, 2005, FT Prentice Hall, Upper Saddle River, NJ 07458; ISBN0-13-146315-2.