IP Spoofing.
Before we proceed, we have to know what IP is. IP stands for internet protocol address where it says a thing or two about your computer. Each computer has their own unique IP address. Usually, the IP address will looks like this:
10.0.0.0
As you notied there're decimal points or dots that separate the numbers. Well, this is to differentiate between the network and the host address. You can see the difference between the class of IP Address here. Now, moving on to the IP Spoofing subject. There are lots of different definitions for IP Spoofing but basically it involves the creation of false IP in order to conceal the identity of the packet's sender.
Personally, i don't think that IP Spoofing is dangerous cause i also use it from time to time. Depending on the viewer in this IP Spoofing subject, one might find that this tool can be useful. In not so extreme cases, with the combination of other techniques and knowledge, the attacker may create a false address and cause you to enter your sensitive password and send it to the attacker. For what its worth, make sure you protect your IP Address and always browse on secure connection. XD
IP Session Hijacking.
Okay. This one is a bit dangerous as compared to spoofing. It is dangerous if the attacker is somehow experience. It is hard for a wannabe badass to perpetrate this type of crime (crime?). IP Session Hijacker will attack and take control of a user's session. For example, if the user is reading the email, then the attacker will also read the same email and worse because the attacker can do whatever he wants that he wishes as the attacker.
To give an example of session hijacking, read the passage that i take from here.
"For the description of the attack, let's return to our large network of networks in Figure 4. In this attack, a user on host A is carrying on a session with host G. Perhaps this is a telnet session, where the user is reading his email, or using a Unix shell account from home. Somewhere in the network between A and G sits host H which is run by a naughty person. The naughty person on host H watches the traffic between A and G, and runs a tool which starts to impersonate A to G, and at the same time tells A to shut up, perhaps trying to convince it that G is no longer on the net (which might happen in the event of a crash, or major network outage). After a few seconds of this, if the attack is successful, naughty person has ``hijacked'' the session of our user. Anything that the user can do legitimately can now be done by the attacker, illegitimately. As far as G knows, nothing has happened."
To prevent your IP from being hijacked, simply change the standard type telnet application to the encrypted version. This way, if the attacker take over the session, he'll only see gibberish thing because of the encrypted session.
I think this is it for IP spoofing and IP session hijacking. Make sure you know how to keep yourself from malicious attacker while surfing the net. Have fun!
2 comments:
thanx .you hav explained very nicely abt hijacking and spoofing...but can u say how u will get a false ip address?
thanx for it a1facts
Post a Comment