IP spoofing, or IP address spoofing, is a cyberattack in which the adversary impersonates a legitimate website by placing false information in IP packets. Specifically, the adversary alters IP packet header information to misinform users about where the packets came from.
IP spoofing enables hackers to conduct Distributed Denial-of-Service (DDoS) and man-in-the-middle (MITM) attacks. These respective attacks disrupt or reroute legitimate traffic to illegitimate websites, or attract legitimate users for nefarious aims such as capturing their credentials or bankcard data.
In the DDoS use case for IP spoofing, the intentional mislabeling of IP origin facilitates bulk nuisance requests by concealing a botnet. To mitigate the threat of IP spoofing-enabled DDoS attacks, enterprises use deep packet inspection (DPI) to read complete header information, instead of IP source information alone.
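The following added example (not from the original page) shows one way to read more of the header than the source address: it decodes the IPv4 header and flags packets whose claimed source is unroutable or whose TTL differs from a previously observed value for that source. The bogon list, the TTL baseline and tolerance, the helper names and all addresses are constructed assumptions.

```python
import ipaddress
import struct

# Assumed list of source ranges that should never arrive on an Internet-facing interface.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]
# Constructed baseline: TTL previously observed for traffic from a known source.
SAMPLE_BASELINE = {"198.51.100.7": 52}

def parse_ipv4_header(raw):
    """Decode the fixed 20-byte IPv4 header (RFC 791)."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, ident, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4 or (ver_ihl & 0x0F) < 5:
        raise ValueError("not a valid IPv4 header")
    return {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
            "ttl": ttl, "proto": proto, "id": ident, "total_len": total_len}

def spoof_indicators(hdr, baseline, tolerance=5):
    """Return the reasons the claimed source address looks forged."""
    reasons = []
    if any(hdr["src"] in net for net in BOGON_NETS):
        reasons.append("bogon-source")
    expected = baseline.get(str(hdr["src"]))
    # A forged source usually travels a different path, so its TTL rarely matches.
    if expected is not None and abs(hdr["ttl"] - expected) > tolerance:
        reasons.append("ttl-deviation")
    return reasons

def build_header(src, dst, ttl, proto=6):
    """Build a constructed sample header for the demo (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, ttl, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

def classify(raw, baseline=SAMPLE_BASELINE):
    """Parse raw header bytes and return the spoofing indicators found."""
    return spoof_indicators(parse_ipv4_header(raw), baseline)

if __name__ == "__main__":
    samples = [("198.51.100.7", 53), ("198.51.100.7", 119), ("10.1.2.3", 64)]
    for src, ttl in samples:
        print(src, ttl, classify(build_header(src, "203.0.113.10", ttl)))
```

These checks produce indicators rather than proof: route changes legitimately shift TTL, so the tolerance and baseline need tuning against real traffic.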
“A few of our users fell victim to IP spoofing and entered their credentials into a website that looked like ours. The counterfeit site was convincing even down to the header info. Now a number of users’ accounts are experiencing ATO.”