What is IP spoofing?
IP spoofing refers to the creation of Internet Protocol (IP) packets with modified source addresses, either to hide the identity of the sender or to impersonate other computer systems,
Or both. Malicious users often use this technology to launch DDoS attacks on target devices or surrounding infrastructure.
Sending and receiving IP packets is not only the main way for networked computers to communicate with other devices, but also the basis of modern Internet. All IP packets contain headers, which are located in front of the packet body and contain a lot of important routing information, including the source address. In a regular packet, the source IP address refers to the address of the sender of the packet. If the data packet is falsely used, it is bound to forge the source address.
IP spoofing DDoS attack
IP spoofing is like an attacker sending a packet to a user with the wrong return address. If the user wants to prevent the sender from sending a packet after receiving the packet, it will be useless to prevent all packets sent by forged addresses, because the return address is easy to change. It can be inferred that if the receiver wants to respond to the return address, the response packet cannot be delivered to the real sender. The packet address can be forged into a core vulnerability, which is exploited by many DDoS attacks.
DDoS attacks usually use spoofing technology to defeat the target with traffic, conceal the identity of the malicious source and circumvent mitigation measures. If the source IP address has been tampered with and adopts continuous random mode, it is difficult to prevent malicious requests. In addition, after the use of IP spoofing technology, law enforcement department J and the network security team can hardly trace the attacker. Spoofing can also be used to impersonate other devices so that responses are sent to the target device. The capacity exhaustion attacks such as NTP amplification and DNS amplification exploit this vulnerability. Modifying the source IP is an inherent function of TCP/IP design and a long-term security hazard. Even if it is not used to launch a DDoS attack, it can also implement spoofing technology to disguise itself as other devices, so as to escape authentication and obtain or hijack "the user's session.
How to prevent IP spoofing (packet filtering)
Although IP spoofing cannot be prevented, measures can be taken to prevent forged packets from penetrating the network. Entrance filtering is a very common defense measure against deception. Entrance filtering is a form of packet filtering, which is usually implemented on network edge devices to check incoming IP packets and determine their source headers. If the source header of these packets does not match its source or looks suspicious, reject them. Some networks also implement export filtering to check the IP packets exiting the network, and ensure that these packets have the header of the local source, so as to prevent users inside the network from using IP spoofing technology to launch outbound malicious attacks.
