IP Spoofing, or IP address spoofing, is a cyberattack where the adversary impersonates a legitimate website by displaying disinformation on IP packets. Specifically, the they alter IP packet header information to misinform users concerning the source of the information.
IP spoofing enables hackers to conduct Denial of Service or Distributed Denial-of-Service (DoS, DDoS) and man-in-the-middle (MITM) attacks. These respective attacks disrupt or reroute legitimate traffic to illegitimate websites, or attract legitimate users for nefarious aims such as capturing their credentials or bankcard data.
In the DoS/DDoS use case for IP spoofing, the intentional mislabeling of IP origin facilitates bulk nuisance requests by concealing a botnet. To mitigate the threat of IP spoofing-enabled DoS/DDoS attacks, enterprises use deep packet inspection (DPI) to read complete header information, instead of IP source information alone.
“A few of our users fell victim to IP spoofing and entered their credentials into a website that looked like ours. The counterfeit site was convincing even down to the header info. Now a number of users’ accounts are experiencing ATO.”