How is an IP datagram spoofed?
In an IP packet/datagram, the header contains the addressing information, such as the sender's source and the destination's IP address. An IP packet is usually unencrypted, therefore if someone is sniffing the traffic between the sender and the receiver, the contents of the packet and its header information are captured. A malicious user or an attacker can modify the IP address on the IP packets originating from the attacker machine, making it seem to originate from somewhere else, which is known as IP spoofing. It tricks a potential victim into believing the IP packet came from a legitimate or trusted source, but is actually from a malicious user. The operating system has no way of determining whether the IP addresses actually belong to the legitimate machine or not. When the internet protocol was built, security was not a concern at the time, hence IP lacks security features.
There are different types of spoofing attacks:
- Address Resolution Protocol spoofing
- DNS spoofing