IP Spoofing
IP spoofing is a technique used to gain unauthorized access to computers or to carry out attacks by disguising the sender's IP address.
Variants: 1. DDoS reflection. 2. Blind hijacking. 3. Trust-relationship exploitation.
Defense: BCP 38, cryptographic authentication (IPsec).
🧒 Explain Like I'm 5
Imagine if a prankster sent a thousand pizzas to your house, but they told the pizza shop that *you* called and ordered them. The pizza shop thinks they are helping you, but really you are getting flooded with pizzas. That's IP spoofing: pretending to be someone else to cause trouble for them.
🤓 Expert Deep Dive
Technically, IP spoofing exploits the lack of source verification in the basic IP header: nothing in the header proves that the source address belongs to the sender. This is the foundation for reflection/amplification DDoS attacks (using protocols like DNS or NTP). In blind spoofing, the attacker can't see the response but can still disrupt services. In non-blind spoofing, if the attacker is on the same local network, they can see the responses and potentially hijack a whole session by predicting TCP sequence numbers. The primary defenses are ingress filtering (checking that the source addresses of packets entering a network actually belong to the range expected from where they arrive) and uRPF (Unicast Reverse Path Forwarding), which checks whether the router would use the same interface to reach the source IP that the packet just arrived on.
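
The filtering decisions described above can be modeled in a few lines. This is an added example, not code from the original page: the forwarding table, interface names and packets are constructed (documentation address ranges only), and it goes slightly beyond the text by also showing uRPF loose mode, assumed here to ignore the default route.

```python
import ipaddress

# Constructed forwarding table: (prefix, egress interface). Documentation ranges only.
FIB = [
    ("198.51.100.0/24", "cust0"),   # customer network behind cust0
    ("203.0.113.0/24", "cust1"),    # customer network behind cust1
    ("0.0.0.0/0", "upstream0"),     # default route to the transit provider
]
ROUTES = [(ipaddress.ip_network(p), ifc) for p, ifc in FIB]

# Constructed BCP 38 policy: prefixes each customer port may use as a source.
ALLOWED = {"cust0": ["198.51.100.0/24"], "cust1": ["203.0.113.0/24"]}


def best_route(addr):
    """Longest-prefix match; returns (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, ifc) for net, ifc in ROUTES if ip in net]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None


def urpf_strict(src, in_iface):
    """Accept only if the best route back to src leaves via the arrival interface."""
    route = best_route(src)
    return route is not None and route[1] == in_iface


def urpf_loose(src, in_iface):
    """Accept if a non-default route to src exists on any interface (assumption:
    the default route does not satisfy the check)."""
    route = best_route(src)
    return route is not None and route[0].prefixlen > 0


def ingress_filter(src, in_iface, allowed=ALLOWED):
    """BCP 38 style: a customer port may only source its assigned prefixes."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(p) for p in allowed.get(in_iface, []))


if __name__ == "__main__":
    # Constructed packets: (claimed source address, arrival interface)
    for src, ifc in [("198.51.100.7", "cust0"), ("203.0.113.9", "cust0"),
                     ("192.0.2.50", "cust0"), ("192.0.2.50", "upstream0")]:
        print(f"{src:>14} on {ifc:<9} strict={urpf_strict(src, ifc)} "
              f"loose={urpf_loose(src, ifc)} bcp38={ingress_filter(src, ifc)}")
```

Strict mode drops the packet that claims another customer's address on `cust0`, while loose mode accepts it because a route to that source exists somewhere; loose mode only catches sources with no specific route at all.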