|Like this CertiGuide? Get it in PDF format!|
Use coupon code "certiguide" to save 20%!
|Also available: 300-question Security+ practice test!|
|Get It Here!|
Problem #1: Spoofing Can Worsen a DoS Attack
In the example of a user browsing
a website, this technique is fairly pointless. However, if this technique
is used in conjunction with a Denial Of Service attack (as discussed
in 1.4.1), an attacker can use this to their advantage. First, they
can hide their true source IP address, which, in todays world
of lawsuits against hackers is a fairly strong motivation, making it
difficult to trace them. Secondly, they can continually change the source
IP address of the DoS packets, making it hard for network administrators
to drop the packets at firewalls using source IP address filters. To
take it a stage further, an attacker could spoof the source IP address
of the DoS packets to make them appear to originate from within the
While this technique may not always
work, it can give poorly configured firewalls and routers a lot of difficulties.
This is why we recommended in section 1.4.1 that you implement router
rules against this.
Spoofing is an attack in which packets are made to appear to originate from a system other than the one they really originated from.
If your network monitor or Intrusion Detection System detects that you are receiving packets from the Internet which list an address on your internal network as the source IP address, it is likely that you are experiencing an IP spoofing attack.