As technology sweeps across the globe, connecting people and organisations at a level never experienced before, cybercriminals have more potential victims under their predatory gaze. In this article, we look at ‘IP spoofing’, one of the methods employed by these bad actors, and how it can be countered.
IP Spoofing is a trick used by cybercriminals: they create and send Internet Protocol (IP) packets (used for communicating with other computer systems) with a falsified source address, either to hide their identity or to obscure which system is targeting a website or organisation with a cyberattack. IP Spoofing is generally used to orchestrate DDoS cyberattacks, which we have explained earlier in one of our articles. In IP Spoofing, the IP packets, which contain routing information including the source address, are given a different origin or source address to mask the real system, hence the terminology.
Think of it like getting unwanted calls at home from a new, unknown number. If you want to stop getting the calls, how do you do that? You block that number. But since the number is fake (hypothetically), you will get another call from a different number, which is also fake. You block that one, and a new call comes from a third unknown number, while you still cannot work out the original number from which the calls are being made. In layman’s terms, this is the principle of IP Spoofing. To stop such calls, there should be a provision, a filter, which is able to check for such calls and block them automatically. We will talk about this later in the article.
With a false source IP address that keeps changing continuously, blocking the malicious requests one by one will not do the trick. IP Spoofing is also used to mask the true identity of the sender and masquerade as someone else, to gain access to another device.
So, how do cybersecurity experts deal with such a threat? By using a technique called Ingress Filtering, which is a type of packet filtering. It is implemented on a network edge device, which monitors incoming IP packets and checks the source headers of all of them as they arrive. Packets whose source headers do not match their actual origin, or look suspicious, are rejected.
Another way Ingress Filtering is employed is by checking the source headers of IP packets as they leave the network. This is usually done to prevent someone within the network from launching an IP Spoofing-based cyberattack.
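The two checks described above, as an added example that is not part of the original article: a small Python model of an edge filter that inspects the source address of packets entering and leaving a network. The internal prefix 203.0.113.0/24, the list of non-routable ranges and the sample packets are assumptions constructed for illustration, and the model covers IPv4 only.

```python
import ipaddress

# Assumed for this example: the prefix owned by the protected network.
INTERNAL_NET = ipaddress.ip_network("203.0.113.0/24")

# Source ranges that should never arrive from the internet side.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

def filter_packet(direction, src):
    """Return (verdict, reason) for a packet seen at the network edge.

    direction: "in" = arriving from outside, "out" = leaving the network.
    src: source address string taken from the IP header.
    """
    try:
        addr = ipaddress.IPv4Address(src)
    except ValueError:
        return ("drop", "malformed or non-IPv4 source address")
    if direction == "in":
        # An outside sender can never legitimately use one of our addresses.
        if addr in INTERNAL_NET:
            return ("drop", "outside packet claims an internal source")
        for net in BOGON_NETS:
            if addr in net:
                return ("drop", f"source in non-routable range {net}")
        return ("accept", "source plausible for an external sender")
    if direction == "out":
        # Hosts inside may only send with addresses from our own prefix.
        if addr in INTERNAL_NET:
            return ("accept", "source belongs to this network")
        return ("drop", "internal host is using a source it does not own")
    return ("drop", "unknown direction")

# Constructed sample traffic: (direction, source address).
SAMPLE = [
    ("in", "198.51.100.7"),    # ordinary external sender
    ("in", "203.0.113.20"),    # spoofed: internal address arriving from outside
    ("in", "10.1.2.3"),        # spoofed: private range arriving from outside
    ("out", "203.0.113.20"),   # legitimate internal host
    ("out", "198.51.100.7"),   # internal host forging a foreign source
]

def run_sample():
    return [filter_packet(d, s)[0] for d, s in SAMPLE]

if __name__ == "__main__":
    for d, s in SAMPLE:
        print(d, s, *filter_packet(d, s))
```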