What is Spoofing?
Contributor:
Novita Agustina
What is Spoofing?
In my opinion, spoofing is a technique to obtain data from people we seek through the internet by camouflaging ourselves so as not to be suspected by others, for example by disguising the IP address of our computer.
According to the article that I read, spoofing, sometimes known as Source Address Spoofing, means forging the attacker's IP address so that the victim assumes the IP address did not come from outside the network. As an analogy, imagine that you want to send a threatening letter to someone and you do not want that person to know the letter came from you. So you send the letter using someone else's name and address, so that you will be safe and not tracked.
Types of spoofing
- IP Spoofing
IP spoofing is a complex attack consisting of several components.
- Smurf Attack
A broadcast ping is sent with a source IP address that looks the same as the victim's IP address. A large number of computers then respond and send ping replies to the victim. This continues repeatedly until the victim's machine or link is overloaded and in a denial-of-service condition.
- TCP Sequence Number Prediction
A TCP connection is identified by the sequence numbers of the client and server. If the sequence numbers are predictable, hackers can create packets with a falsified IP address and guess the sequence numbers to hijack a TCP connection.
- Sequence Prediction through DNS Forgery
DNS servers typically query other DNS servers to resolve other hostnames. A hacker will send a request to the target DNS server as if it were a response to the same server. In this way the hacker can make a client that accesses a site such as www.hotmail.com go to the hacker's server.
- DNS Spoofing
An attack that takes over the DNS name of another system by compromising the original DNS (Domain Name Server).
It is impossible for humans to memorize raw IP addresses, because humans more easily memorize words such as www.yahoo.com, www.google.com, or www.facebook.com. DNS serves to convert a human-readable name into the corresponding IP address of the host to be connected to. So when the target requests a domain address with IP address A, with DNS spoofing the user's request is forwarded by the gateway to the attacker's fake IP address.
- Identity Spoofing
A network attack carried out by taking and using an identity in order to gain access. In the context of Office Communications Server 2007 R2, this situation comes into play only if the administrator has done both of the following:
  - Configured connections that support only Transmission Control Protocol (TCP) (which is not recommended, since TCP communication is unencrypted).
  - Marked the IP addresses of those connections as trusted hosts.
This is less of a problem for Transport Layer Security (TLS) connections, which are by definition encrypted. This precaution can prevent an attacker from spoofing IP addresses on certain connections (e.g., mutual TLS connections). But attackers can still spoof the address of the DNS server that Office Communications Server uses. Although this spoofing is a threat to Office Communications Server, there is nothing the server can do to prevent it. Preventing this attack requires IT-infrastructure and network-level mitigation.
- Web Spoofing
An attack in which the attacker's web server is placed on the Internet path between the user and the World Wide Web (WWW), so that the user's access passes through the attacker's server. Users must therefore be careful when visiting a site, checking the URL shown in the location line of the browser and taking other necessary precautions to avoid web spoofing attacks.
Variations of IP Spoofing Attacks
There are several variations of the types of attacks that successfully use IP spoofing, namely:
- Non-Blind Spoofing
This type of attack usually occurs when the victim is in the same subnet of the network.
- Blind Spoofing
Blind spoofing is more difficult to carry out because the sequence and acknowledgment numbers cannot be sniffed, since the attacker is not in the same subnet.
- Man-in-the-Middle Attack
In this type of attack a computer intercepts the communication path between two connected computers, then controls that path and can delete and create information sent from one of the connected computers, unnoticed by both.
- Denial-of-Service Attack
In this case the goal is only to consume bandwidth and resources, without regard to completing handshakes and transactions.
How to Conduct Spoofing
There are many ways to do IP spoofing, either with tools or manually, including:
- TOR
TOR is an open source project created in 2001 and still developed today. Tor uses a concept called an onion proxy, in which data sent to the destination passes through several different proxies, chosen at random each time. It is quite easy to use: run the program, wait a moment, and the Firefox browser bundled with Tor will appear; then check the IP address, and it will be disguised.
- Proxy Switcher
Proxy Switcher Pro is very useful for those who like to search for the latest proxy lists. With this software you can search for, download and then test proxies. Proxy Switcher comes in two versions, Standard and PRO, which differ considerably in capability and functionality.
To use this tool for the first time, click the download server button and then double-click the proxy you want to use; the browser settings are then automatically changed to the chosen proxy. However, this program is licensed, i.e. paid, although many cracks for it also circulate.
- Anonymouse.org
Anonymouse is not a program but a website that offers to disguise our IP address. We just enter the address of the website to be visited, and anonymouse.org opens the website through a proxy that they manage.
How to Prevent IP Spoofing
- Installing Filters on the Router
Using ingress and egress filtering on the router is the first step in defending against spoofing. We can use an ACL (Access Control List) to block private IP addresses on the network's downstream interface.
- Encryption and Authentication
We must eliminate all host-based authentication, which is used on computers in the same subnet.
[Figures: before encryption; after encryption]
There are several methods of authentication, namely:
- Something you know: a method that relies on information known only to the user in question. Examples are passwords and PINs.
- Something you have: a method commonly used in addition to the first, which uses an item owned by the user. For example, an ATM card, credit card, or PIN token.
- Something you are: a method that uses unique physical features of a person. This method is rarely used because it is constrained by the reader devices it requires. For example, the retina of the eye or fingerprints.
- Something you do: a method that relies on habits an individual often performs that others may not be able to reproduce. For example, a signature or the human voice.
Prevention That Can Be Done
- Prevent Web Spoofing by:
  - Not enabling JavaScript in the browser, so that attackers cannot hide clues or evidence of an attack.
  - Ensuring that the location line of the browser is always visible.
  - Paying attention to the URL displayed in the location line of the browser, to ensure that it refers to the server of the actual site being visited.
- Prevent DNS Spoofing:
DNS spoofing can be addressed by disabling recursive queries to the name server through split DNS, which creates two name servers. The primary name server handles the domain names of the public domain, while the second name server, on the internal network, serves as the caching name server in charge of answering queries from users who request the domain.
- Prevent ARP Spoofing by:
  - Checking MAC addresses using the Colasoft MAC Scanner tool.
  - Scanning the network; if two entries have the same IP address as the gateway, drop the client from the network and then scan it for viruses using an antivirus with an up-to-date virus database.
  - After the virus scan, as the closing step, open Command Prompt and type: arp -s ip_address_gateway mac_address_gateway, then press the Enter key.
- Prevent IP Spoofing in the following ways:
  - Installing filters on routers: using ingress and egress filtering on the router is the first step in defending against spoofing.
  - Encryption and authentication: we can also overcome IP spoofing by implementing authentication and data encryption.
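The ingress and egress filtering named in this list and in the earlier router-filter item, written out as a decision function over constructed packets. This is an added example, not code from the original article; the internal prefix 203.0.113.0/24 and the function names are assumptions, and only IPv4 is handled.

```python
import ipaddress

# Assumed address plan for the example (constructed, not from the article).
INTERNAL_NETS = [ipaddress.ip_network("203.0.113.0/24")]
# Source ranges that must never arrive from the Internet side.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",     # loopback, link-local, "this network"
    "224.0.0.0/4", "240.0.0.0/4",                     # multicast, reserved
)]

def _in_any(addr, nets):
    return any(addr in net for net in nets)

def filter_decision(direction, src_ip):
    """Return (action, reason) for a packet crossing the border router.

    direction: "ingress" = arriving from the Internet,
               "egress"  = leaving our network.
    """
    try:
        src = ipaddress.ip_address(src_ip)
    except ValueError:
        return ("drop", "unparseable source address")
    if direction == "ingress":
        if _in_any(src, INTERNAL_NETS):
            return ("drop", "outside packet claims an internal source")
        if _in_any(src, BOGON_NETS):
            return ("drop", "private or reserved source from the Internet")
        return ("permit", "plausible external source")
    if direction == "egress":
        if _in_any(src, INTERNAL_NETS):
            return ("permit", "source belongs to our prefix")
        return ("drop", "source is not one of our addresses")
    raise ValueError("direction must be 'ingress' or 'egress'")

# Constructed sample packets: (direction, source address).
SAMPLE_PACKETS = [
    ("ingress", "198.51.100.7"), ("ingress", "203.0.113.20"),
    ("ingress", "192.168.1.5"), ("egress", "203.0.113.20"),
    ("egress", "198.51.100.7"),
]

def evaluate(packets):
    """Apply the filter to each packet and return (direction, src, action, reason)."""
    return [(d, s) + filter_decision(d, s) for d, s in packets]

if __name__ == "__main__":
    for row in evaluate(SAMPLE_PACKETS):
        print(*row, sep="  ")
```

The ingress rules stop outside packets that pretend to be local or private hosts; the egress rule stops this network from being the origin of spoofed traffic.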
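A check of the gateway's ARP entry that complements the ARP steps in the list above, run over constructed Windows `arp -a` output. It is an added example, not part of the original article; the known-good gateway MAC (for instance read from the router's label) and every address shown are assumptions.

```python
import re
from collections import defaultdict

# Constructed `arp -a` output in Windows format; all addresses are made up.
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           66-77-88-99-aa-bb     dynamic
  192.168.1.44          66-77-88-99-aa-bb     dynamic
  192.168.1.50          00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$",
    re.IGNORECASE | re.MULTILINE)

def parse_arp_table(text):
    """Return {ip: (mac, type)} for unicast entries only."""
    table = {}
    for ip, mac, kind in ENTRY_RE.findall(text):
        mac = mac.lower()
        if int(mac[:2], 16) & 1:
            continue  # group bit set: broadcast or multicast, not a host
        table[ip] = (mac, kind.lower())
    return table

def check_gateway(table, gateway_ip, known_gateway_mac):
    """Return a list of findings about the gateway's ARP entry (empty if clean)."""
    known = known_gateway_mac.lower()
    mac, kind = table.get(gateway_ip, (None, None))
    if mac is None:
        return ["gateway has no ARP entry"]
    findings = []
    if mac != known:
        findings.append(f"gateway {gateway_ip} resolves to {mac}, expected {known}")
    if kind != "static":
        findings.append("gateway entry is dynamic, so an ARP reply can overwrite it")
    by_mac = defaultdict(list)
    for ip, (m, _) in table.items():
        by_mac[m].append(ip)
    others = [ip for ip in by_mac[mac] if ip != gateway_ip]
    if others:
        findings.append(f"{mac} is also claimed by {', '.join(others)}")
    return findings

if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_OUTPUT)
    for finding in check_gateway(table, "192.168.1.1", "00-1A-2B-3C-4D-5E"):
        print(finding)
```

The "dynamic" finding is what the `arp -s` step in the list removes: a static entry is not replaced by later ARP replies.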
There is some software that you can install on the network to prevent this type of attack, including ArpON and XArp (running on Windows). As an Internet user, there are some suggestions you should consider:
- For critical applications such as internet banking, Gmail or other email: use a secure password and do not use common words (found in the dictionary).
- If available, always select https instead of http. For example, in Gmail there is the option to use https or http. (With https, the data packets in network communications are encrypted, so that even when sniffed they are still difficult to read.)
- When using https, if your browser issues a warning that the certificate is invalid or was issued by a CA that is not included in the trust anchors, you should be vigilant.
- Do not use public computers or internet cafes to perform financial transactions such as internet banking.
Cases of Spoofing on Banks in Indonesia and Malaysia
The spoofing/phishing case most often reported to ID-CERT is fake Indonesian banking websites made to look similar to the original. Generally the forged sites use generic domain names (.com and .net). For banks with .co.id domain names, almost no reports have been received.
In addition to banks in Indonesia, the same thing happened to banking sites in Malaysia and Europe, which were faked and attached to the web sites and IP addresses of organizations in Indonesia.
"The difficulty for ID-CERT is in contacting the banks in Indonesia that are victims, so that the banks concerned become aware and are able to provide anticipatory measures to their customers," said Ahmad Alkazimy, from ID-CERT.
"Meanwhile, from overseas, ID-CERT received many reports from Banking CERT Brazil and HSBC United States, as well as, of course, from CMC Malaysia and the Anti Fraud Command Center (AFCC), many of which inform us about the existence of their fake banking sites using Indonesian domain names and IP addresses," he concluded.