Spoofing Attacks PDF


HiLCoE School of Computer Science and Technology

Computer Security (CS486)


Spoofing Attacks

Group Members: ID:


1. Abel Guta ES2594
2. Daniel Wondwossen FL9474
3. Kirubel Shiferaw OA1852

Submitted To: Instructor Mohammed A.

Date: 02/05/2020

Table of Contents

Introduction
Spoofing
Types of Spoofing Attacks
Examples of Spoofing Attack
Conclusion
Recommendations

Introduction

Computer security is the protection of computer systems and information from harm,
theft and unauthorized use. It is the process of preventing and detecting unauthorized use of
the system.
People often confuse computer security with related terms such as information security and
cyber security. One way to ascertain the similarities and differences among these terms is to
ask what is being secured. For example, information security means securing information from
unauthorized access, modification and deletion, while computer security means securing a
standalone machine by keeping it updated and patched.
Cyber security is defined as protecting computer systems that communicate over
computer networks. Computer security can therefore be defined as the controls that are put in
place to provide confidentiality, integrity, and availability for all components of computer
systems. The components of a computer system that need to be protected are:

HARDWARE - the physical part of the computer, like the system memory and disk drive.
FIRMWARE - permanent software that is embedded in a hardware device’s nonvolatile
memory and is mostly invisible to the user.
SOFTWARE - the programming that offers services to the user, like the operating system,
word processor and internet browser.

In this project we elaborate on and give detailed information about a specific type of
computer security threat, namely the “SPOOFING ATTACK”: how it affects our computers, ways
to know when we are attacked, and precautions we must take before being attacked.

Spoofing

Definition 1: Spoofing is a type of attack scheme that is used to trick humans and networks
into believing that a source of information is trustworthy when, in actuality, it is not. During a
spoofing attack, a criminal will pose as a known and trusted source so they can mine for personal
information and eventually wreak havoc on a business. It is the act of disguising a communication
from an unknown source as being from a known, trusted source.

Definition 2: A spoofing attack is when a malicious party impersonates another device or user
on a network in order to launch attacks against network hosts, steal data, spread malware or
bypass access controls.

Definition 3: Spoofing is the act of disguising a communication from an unknown source as
being from a known, trusted source.

In simple terms, spoofing is the act of communicating with a party under a changed identity,
impersonating a known source so that the message received appears to come from it, in order to
launch different attacks, steal information and do other unwanted things to the normal user
without the user’s knowledge.

Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a
computer spoofing an IP address, Address Resolution Protocol (ARP), or Domain Name System
(DNS) server.

It can be used to gain access to a target’s personal information, spread malware through
infected links or attachments, bypass network access controls, or redistribute traffic to conduct
a denial-of-service attack. Spoofing is often the way a bad actor gains access in order to execute
a larger cyber-attack such as an advanced persistent threat or a man-in-the-middle attack.
Successful attacks on organizations can lead to infected computer systems and networks, data
breaches, and/or loss of revenue—all liable to affect the organization’s public reputation. In
addition, spoofing that leads to the rerouting of internet traffic can overwhelm networks or
lead customers/clients to malicious sites aimed at stealing information or distributing malware.
Spoofing is a coordinated attack against your network security in which someone or something
pretends to be someone or something they are not, in an attempt to gain access to your
systems, steal your data, or gain your confidence.

Types of Spoofing Attacks

Non-Blind Spoofing
This type of attack happens when the attacker is on the same IP subnet as the
victim. The sequence and acknowledgement numbers can be easily identified, eliminating the
possible difficulty of calculating them accurately. The biggest risk of spoofing in this case is
session hijacking. This is accomplished by corrupting the data stream of an established
connection, then re-establishing it, based on the correct sequence and acknowledgement
numbers, with the machine used for the attack. Using this technique, an attacker could
successfully bypass any authentication measures that took place to build the connection.

Blind Spoofing
This is a more sophisticated attack, because the sequence and acknowledgement numbers are
unreachable. In order to circumvent this, several packets are sent to the target machine in
order to sample sequence numbers. While not the case today, machines in the past used basic
techniques for generating sequence numbers. It was relatively easy to discover the exact
formula by studying packets and TCP sessions. Today, most OSs implement random sequence
number generation, making it difficult to predict them accurately. If, however, the sequence
number was compromised, data could be sent to the target. Several years ago, many machines
used host-based authentication services (e.g. rlogin). A properly crafted attack could add the
requisite data to a system (e.g. a new user account), blindly, enabling full access for the attacker
who was impersonating a trusted host.

Man In the Middle Attack


Both types of spoofing are forms of a common security violation known as a man in the middle
(MITM) attack. In these attacks, a malicious party intercepts a legitimate communication
between two friendly parties. The malicious host then controls the flow of communication and
can eliminate or alter the information sent by one of the original participants without the
knowledge of either the original sender or the recipient. In this way, an attacker can fool a
victim into disclosing confidential information by “spoofing” the identity of the original sender,
who is presumably trusted by the recipient.

Denial of Service Attack


IP spoofing is almost always used in what is currently one of the most difficult attacks to defend
against – denial of service attacks, or DoS. Since crackers are concerned only with consuming
bandwidth and resources, they need not worry about properly completing handshakes and
transactions. Rather, they wish to flood the victim with as many packets as possible in a short
amount of time. In order to prolong the effectiveness of the attack, they spoof source IP
addresses to make tracing and stopping the DoS as difficult as possible. When multiple
compromised hosts are participating in the attack, all sending spoofed traffic, it is very
challenging to quickly block traffic.

Having covered the definitions and types of spoofing attack, how does spoofing
work?
Spoofing can be applied to a number of communication methods and can employ various levels
of technical know-how. Spoofing can be used to carry out phishing attacks, which are scams to
gain sensitive information from individuals or organizations. The following are typical examples
of spoofing attacks:

Examples of Spoofing Attack

1. Email Spoofing
Email spoofing is when an attacker sends emails with false sender addresses, which is typically
part of a phishing scam. These types of spoofing attacks are designed to steal your information,
infect your computer with malware, or simply blackmail you for money. These emails may also
use social engineering to convince the victim to freely disclose sensitive information.
In addition to a false sender address, keep an eye out for red flags in these emails like typos,
missing logos, addressing you as “customer” instead of your real name, or a blackmail attempt.
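
The sender-address check described above can be automated from the message headers. This is an added example, not part of the original report; the sample message, its domains and the finding names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real mail): the display name shows a trusted-looking
# address, while the real sender, bounce and reply addresses point elsewhere.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=examp1e-secure.test
From: "support@example.com" <support@examp1e-secure.test>
Reply-To: claims@freemail.example
To: user@example.org
Subject: Urgent: verify your account

Dear customer, your account will be closed unless you confirm your password.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value ('' if none)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoof_indicators(raw):
    """Return header-based hints that the visible sender is not the real one."""
    msg = message_from_string(raw)
    display = parseaddr(msg.get("From", ""))[0]
    from_dom = domain_of(msg.get("From"))
    findings = []
    # 1. Display name embeds an address on a different domain than the sender.
    shown = re.search(r"@([\w.-]+)", display)
    if shown and shown.group(1).lower() != from_dom:
        findings.append("display-name-address-mismatch")
    # 2. Bounce or reply address on another domain. A hint only: legitimate
    #    bulk senders often use a separate bounce domain.
    for hdr in ("Return-Path", "Reply-To"):
        dom = domain_of(msg.get(hdr))
        if dom and dom != from_dom:
            findings.append(hdr.lower() + "-domain-mismatch")
    # 3. SPF/DKIM/DMARC verdicts recorded by the receiving mail server.
    auth = msg.get("Authentication-Results", "")
    for mech in ("spf", "dkim", "dmarc"):
        verdict = re.search(rf"\b{mech}=(\w+)", auth)
        if verdict and verdict.group(1).lower() != "pass":
            findings.append(f"{mech}-{verdict.group(1).lower()}")
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE):
        print(finding)
```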

2. Caller ID Spoofing
Scammers who are performing a caller ID spoofing attack trick your caller ID by making the call
appear to be coming from somewhere it isn’t. You’ve probably encountered telemarketers
using phone numbers with area codes you recognize. This method is similar to that but much
more sinister.
These hackers prey on the fact that you’re more likely to answer a phone call if the caller ID
shows the area code you live in or one nearby. In some cases, a hacker using this method may
even spoof the first few digits of your phone number, including the area code, to make it seem
like the call is coming from your neighborhood.

3. GPS Spoofing
When you trick your device’s GPS into thinking you’re in one location, but you’re really in
another, that is GPS spoofing. This method became popular because of Pokémon Go.
Thanks to GPS spoofing, users of this popular mobile game could cheat and catch different
Pokémon, take over a fighter gym and win in-game currency, and even say they were in a
completely different country without even leaving their house.

4. Website Spoofing
Website spoofing, which can also be called URL spoofing, is designed to make a malicious
website look like a legitimate one. Oftentimes, scammers spoof their scam website into looking
like a website you use regularly, like Facebook or Amazon.
The spoofed website will have a familiar login page, the right branding, and even a
spoofed domain name that looks to be correct at first glance. Hackers will use these websites
to steal your username and password, or even drop malware onto your computer. Once they
have that information, they can change the passwords over and lock you out of your own
account. From there, they can use your Facebook friends list to scam your friends and family or
even order fraudulent purchases from online retailers.
Oftentimes, website spoofing is used alongside email spoofing. The scammer will send you an
email designed to encourage you to update your password or click a tainted link that directs
you right to the fraudulent website.
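
A domain name that only "looks to be correct at first glance" can be caught by comparing it with the names you actually trust. This is an added example, not part of the original report; the allow-list, the character table, the 0.85 threshold and the test domains are assumptions made for illustration.

```python
import difflib

# Assumed allow-list, built from the two sites the text names.
TRUSTED = ["facebook.com", "amazon.com"]
# Small constructed table of look-alike characters; real tooling uses the
# full Unicode confusables data.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})

def skeleton(domain):
    """Map look-alike characters and pairs to the letters they imitate."""
    d = domain.lower().rstrip(".").translate(CONFUSABLE)
    return d.replace("rn", "m").replace("vv", "w")

def classify(domain):
    d = domain.lower().rstrip(".")
    if any(d == t or d.endswith("." + t) for t in TRUSTED):
        return "trusted"
    # Punycode labels can render as characters that imitate Latin letters.
    if any(label.startswith("xn--") for label in d.split(".")):
        return "idn-needs-review"
    for t in TRUSTED:
        if skeleton(d) == t:
            return "homoglyph-of:" + t
        # Trusted name used as a prefix or inner part of another domain.
        if d.startswith(t + ".") or "." + t + "." in d:
            return "brand-as-subdomain:" + t
    for t in TRUSTED:
        # One or two typos away from a trusted name.
        if difflib.SequenceMatcher(None, d, t).ratio() >= 0.85:
            return "near-miss-of:" + t
    return "unknown"

# Constructed test domains (made up for this example, not from real incidents).
SAMPLES = ["www.amazon.com", "faceb00k.com", "arnazon.com",
           "facebook.com.account-verify.example", "amazom.com",
           "xn--mzon-abc.com", "example.org"]

def run():
    return {s: classify(s) for s in SAMPLES}

if __name__ == "__main__":
    for name, result in run().items():
        print(f"{name:40} {result}")
```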

5. IP Spoofing
IP spoofing is when an attacker hides or disguises the location from which they’re sending or
requesting data. With regard to cyber security and potential threats to your data, IP
address spoofing is used in DDoS attacks to prevent malicious traffic from being filtered out
and to hide the attacker’s true location.

6. Text Message Spoofing


Text message spoofing, or SMS spoofing, is when a hacker sends a text message with someone
else's phone number or sender ID.
For example, if you have an iPhone and have iMessages synced to your MacBook or iPad,
you’ve spoofed your phone number to send a text, since the text didn’t come from your phone,
but instead from a different device.

While some companies may spoof their numbers for marketing or convenience by replacing a
long number with one that’s short and easy to remember, hackers do the same thing: hiding
their true identity behind a number as they pose as a legitimate company or organization.
These text messages typically include links to malicious websites or malware downloads.

7. DNS Spoofing
Each computer and each website on the internet is assigned its own unique IP address. For
websites, this address is different from the standard “www” internet address that you use to
access them. When you type a web address into your browser and hit enter, the Domain
Name System (DNS) quickly finds the IP address that matches the domain name you entered
and redirects you to it. Hackers have found ways to corrupt this system and redirect your traffic
to malicious websites. This is called DNS spoofing.
Also known as DNS cache poisoning, this method is used by cybercriminals to introduce corrupt
DNS data on the user’s end, thus preventing them from accessing the websites that they want
to access. Instead, no matter what web address they type in, the user will be redirected to the
IP addresses defined by the hacker, which most often host malicious software or fake forms
that harvest the victim’s personal data.

8. DDoS Spoofing
DDoS spoofing is a subtype of IP spoofing used by hackers to carry out Distributed denial-of-
service (DDoS) attacks against computers, networks, and websites. The attackers use various
techniques to scan the internet for computers with known vulnerabilities and use these flaws to
install malicious software. This allows them to create botnets, armies of “robot” computers, all
remotely controlled by the hacker.
Whenever they want, the hacker can activate all the computers in their botnet and use their
combined resources to generate high levels of traffic to target websites and servers in order to
disable them. Each of these computers has its own unique IP address. Considering that
botnets can comprise a million or more computers with as many unique IPs, tracing the
hacker’s actual IP address may prove impossible.

9. ARP Spoofing
Every internet-connected device has its own Media Access Control (MAC) address that is linked
to the device’s unique IP address via the Address Resolution Protocol (ARP). Cybercriminals can
hack into their target’s local area network and send false ARP data. As a result, the hackers’
MAC address will become linked to the target’s IP address, thus giving them insight into their
target’s incoming traffic.
Hackers opt for ARP spoofing to intercept sensitive data before it reaches the target computer.
They may also modify parts of the data so that the recipient can’t see them, while some hackers
will stop the data in-transit, thus preventing it from reaching the recipient. ARP spoofing attacks
can only be carried out on local area networks that use ARP. In addition, the hacker must first gain
access to the local area network.
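
The false IP-to-MAC link described above leaves a visible trace in a host's neighbour table. This is an added example of how a detection script can spot it, not part of the original report; the two snapshots are constructed in the format printed by Linux `ip neigh`, using documentation-range addresses, and the alert names are made up here.

```python
import re
from collections import defaultdict

# Constructed neighbour-table snapshots; 192.0.2.1 plays the gateway.
BEFORE = """\
192.0.2.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
192.0.2.10 dev eth0 lladdr 00:00:5e:00:53:10 STALE
192.0.2.20 dev eth0 lladdr 00:00:5e:00:53:20 REACHABLE
"""
AFTER = """\
192.0.2.1 dev eth0 lladdr 00:00:5e:00:53:20 REACHABLE
192.0.2.10 dev eth0 lladdr 00:00:5e:00:53:10 STALE
192.0.2.20 dev eth0 lladdr 00:00:5e:00:53:20 REACHABLE
192.0.2.30 dev eth0  FAILED
"""

NEIGH = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-f:]{17})\b", re.I | re.M)

def parse_neigh(text):
    """Return {ip: mac} for entries that have a resolved link-layer address."""
    return {ip: mac.lower() for ip, mac in NEIGH.findall(text)}

def arp_alerts(before, after):
    old, new = parse_neigh(before), parse_neigh(after)
    alerts = []
    # An IP that suddenly maps to a different MAC. Legitimate causes exist
    # (replaced NIC, failover to a standby router), so treat it as a lead.
    for ip, mac in sorted(new.items()):
        if ip in old and old[ip] != mac:
            alerts.append(("binding-changed", ip, old[ip], mac))
    # One MAC answering for several IPs, typically the gateway plus a host.
    owners = defaultdict(list)
    for ip, mac in sorted(new.items()):
        owners[mac].append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:
            alerts.append(("mac-claims-multiple-ips", mac, tuple(ips)))
    return alerts

if __name__ == "__main__":
    for alert in arp_alerts(BEFORE, AFTER):
        print(alert)
```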

Conclusion

Generally speaking, a spoofing attack is when the attacker disguises themselves as a known and
trusted source to gain access to the victim. After gaining access they will retrieve any
information they want. Examples of spoofing attacks include text message spoofing, email
spoofing, DNS spoofing, website spoofing, etc. Unless it’s from a trusted source, we shouldn’t
open the email or text message.

Recommendations

We can’t achieve good security just by controlling everything manually, like noticing every
change or any suspicious activity that appears on our computer.

One way to avoid email spoofing is to use email anti-spam software that will filter email content
for malware, viruses, and other suspicious activity.

Here we have tried to list out some of the prevention methods that must be taken to protect
our computer against attack. These are:

• Keep an eye out for incorrect spelling and poor grammar in emails
• Pay close attention to sender addresses of emails
• Never click on an unfamiliar link or download an attachment
• Turn on your spam filter to stop the majority of spoofing emails
• Use multi-factor authentication when logging in to your accounts
• Consistently update your network and utilize patch management
• Ensure your firewalls are set up
• Only visit sites with a proper SSL certificate
• Know the steps to take if you fall victim and need to recover from a cyber attack
• Never give out your personal information online
• Perform penetration testing and red team testing
• For networks, implement packet filtering and avoid trust relationships
• Use spoof detection programs
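
The packet-filtering recommendation, applied to IP spoofing at a network border, comes down to checking the source address against the direction of travel. This is an added example, not part of the original report; the site prefix 198.51.100.0/24, the verdict strings and the sample packets are assumptions (documentation addresses stand in for real ones).

```python
import ipaddress

# Assumed topology (hypothetical): the site owns 198.51.100.0/24.
INTERNAL = [ipaddress.ip_network("198.51.100.0/24")]
# Sources that must never arrive from the internet (a subset of bogon space).
NEVER_EXTERNAL = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

def in_any(addr, nets):
    return any(addr in n for n in nets)

def verdict(direction, src):
    """direction: 'inbound' (from the internet) or 'outbound' (leaving the site)."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop: malformed source"
    if direction == "inbound":
        # Ingress filtering: our own addresses cannot legitimately arrive
        # from outside, and private or reserved sources are not routable.
        if in_any(addr, INTERNAL):
            return "drop: internal source arriving from outside"
        if in_any(addr, NEVER_EXTERNAL):
            return "drop: non-routable source"
        return "accept"
    if direction == "outbound":
        # Egress filtering (BCP 38): only our own prefixes may leave, so
        # compromised hosts cannot send spoofed DoS traffic.
        return "accept" if in_any(addr, INTERNAL) else "drop: source not ours"
    raise ValueError("unknown direction: " + direction)

# Constructed packets: (direction, source address).
PACKETS = [("inbound", "203.0.113.7"), ("inbound", "198.51.100.25"),
           ("inbound", "10.1.2.3"), ("outbound", "198.51.100.25"),
           ("outbound", "203.0.113.99")]

def run():
    return [verdict(d, s) for d, s in PACKETS]

if __name__ == "__main__":
    for (d, s), v in zip(PACKETS, run()):
        print(f"{d:9} {s:15} {v}")
```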
