Both MAC and IP Addresses can be spoofed using different tools available to an attacker.

They might carry out a ARP poisoning attack creating a Man In The Middle so they can see all traffic going between host devices and the default gateway of the network. CAM table overflow attack is another were an attacker would send thousands of spoofed MAC addresses into a network to fill up the CAM table of a switch.

Attackers spoof IP Addresses when carrying out DDoS attacks particularly when using reflection attacks. The attacker would set the source address to the end point they want to attack so when they send a request to an open NTP server on the internet using the ‘monlist’ command (which requests the last 600 IP addresses that requested time from the NTP server) the reply will go to the end point that the attacker is targeting and not back to the attacker itself.

ISPs need to be part of the solution by deploying ingress filtering on their networks to stop attackers on their network spoofing IP addresses.



One thought on “Spoofing

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s