Spoofing attack
|
A spoofing attack, in computer security terms, refers to a situation in which one person or program is able to masquerade successfully as another.
An example from cryptography is the man in the middle attack, in which an attacker spoofs Alice into believing he's Bob, and spoofs Bob into believing he's Alice, thus gaining access to all messages in both directions without the trouble of any cryptanalytic effort.
The attacker must monitor the packets sent from Alice to Bob and then guess the sequence number of the packets. Then the attacker knocks out Alice with a SYN attack and injects his own packets, claiming to have the address of Alice. Alice's firewall can defend against spoof attacks when it has been configured with knowledge of all the IP addresses connected to each of its interfaces. It can then detect a spoofed packet if it arrives from an interface that is not known to be connected to that interface.
Many carelessly designed protocols are subject to spoof attacks, including many of those used on the Internet. See Internet protocol spoofing.
Another kind of spoofing is "web page spoofing," also known as phishing. In this attack, a web page is reproduced in "look and feel" to another server but is owned and operated by someone else. It is intended to fool someone into thinking that they are connected to a trusted site. Typically, a bank's log-in page might be spoofed by a crook. The crook then harvests the user names and passwords. This attack is often performed with the aid of DNS cache poisoning in order to direct the user away from the legitimate site and into the false one. Once the user puts in their password, the attack-code reports a password error, then redirects the user back to the legitimate site.
"Spoofing" can also refer to copyright holders placing distorted or unlistenable versions of works on file-sharing networks, to discourage downloading from these sources.. An example of this is the spoof of Madonna's album American Life. In the spring of 2003, Madonna and Warner Brothers, her label, populated the file-sharing networks with spoofs. Try to download cuts from the album and you get Madonna swearing at you, saying "What the f*** do you think you are doing?" The spoof instantly became a cult hit and some say it was more popular than the album itself. Other musicians then took the spoof and remixed Madonna's words into other songs, some of which live on 1. Also her site was hacked and a bunch of songs offered for free download along with the words "This is what I think I'm doing"!
Note 1: See "The Madonna Remix Project", [1] (http://www.irixx.org/madonna/)
From "Pirates of the Digital Millennium" by John Gantz & Jack B. Rochester, 2005, FT Prentice Hall, Upper Saddle River, NJ 07458; ISBN0-13-146315-2.