IP spoofing is a technique used to gain unauthorized access to computers, whereby the attacker sends messages to a computer with a forging IP address indicating that the message is coming from a trusted host.There are a few variations on the types of attacks that using IP spoofing.

Non-Blind Spoofing - This attack takes place when the attacker is on the same subnet as the target who could see sequence and acknowledgement of packets. The threat of this type of spoofing is session hijacking and an attacker could bypass any authentication measures taken place to build the connection. This is accomplished by corrupting the datastream of an established connection, then re-establishing it based on correct sequence and acknowledgement numbers with the attack machine.

Blind Spoofing - This attack may take place from outside where sequence and acknowledgement numbers are unreachable. Attackers usually send several packets to the target machine in order to sample sequence numbers, which is doable in older days. Today, most OSs implement random sequence number generation, making it difficult to predict them accurately. If, however, the sequence number was compromised, data could be sent to the target.

Man In the Middle Attack C This is also called connection hijacking. In this attacks, a malicious party intercepts a legitimate communication between two hosts to controls the flow of communication and to eliminate or alter the information sent by one of the original participants without their knowledge. In this way, an attacker can fool a target into disclosing confidential information by spoofing the identity of the original sender or receiver. Connection hijacking exploits a "desynchronized state" in TCP communication. When the sequence number in a received packet is not the same as the expected sequence number, the connection is called "desynchronized." Depending on the actual value of the received sequence number, the TCP layer may either discard or buffer the packet. When two hosts are desynchronized enough, they will discard/ignore packets from each other. An attacker can then inject forged packets with the correct sequence numbers and potentially modify or add messages to the communication. This requires the attacker to be located on the communication path between the two hosts in order to replicate packets being sent. The key to this attack is creating the desynchronized state.

Denial of Service Attack - IP spoofing is almost always used in denial of service attacks (DoS), in which attackers are concerned with consuming bandwidth and resources by flooding the target with as many packets as possible in a short amount of time. To effectively conducting the attack, attackers spoof source IP addresses to make tracing and stopping the DoS as difficult as possible. When multiple compromised hosts are participating in the attack, all sending spoofed traffic, it is very challenging to quickly block the traffic.

To be noted, the IP spoofing techniques do not allow for anonymous Internet access, which is a common misconception among people. Any sort of spoofing beyond simple floods is relatively advanced and used in very specific instances such as evasion and connection hijacking. To prevent IP spoofing happen in your network, the following are some common practices:

• Avoid using the source address authentication. Implement cryptographic authentication system-wide.
• Configuring your network to reject packets from the Net that claim to originate from a local address.
• Implementing ingress and egress filtering on the border routers and implement an ACL (access control list) that blocks private IP addresses on your downstream interface.

If you allow outside connections from trusted hosts, enable encryption sessions at the router.

Related Terms: Denial of Service, Man In the Middle Attack, Encryption, Authentication, Non-Blind Spoofing, Blind Spoofing

Reference Links: http://linux4biz.net/articles/spoofing.html: TCP/IP Spoofing