Understanding Spoofing in Network Security

Aug 9, 2024

Lecture on Spoofing and Network Security

Definition of Spoofing

  • Spoofing: A device on a network pretending to be another device.
  • Example: An attacker creates a fake web server that mimics the original and is under their control.

Common Spoofing Scenarios

  • Email Spoofing: Fake emails appearing to be from a known person.
  • Phone Spoofing: Incoming calls appearing to be from a local number but originating from elsewhere.

On-Path Attacks

  • Attackers use spoofing to position themselves in the middle of a conversation.

ARP Poisoning

  • Normal ARP Communication:
    • Device sends a broadcast asking which MAC address belongs to the desired IP address.
    • Receives the MAC address in response and saves it in its ARP cache.
  • ARP Spoofing:
    • Attacker sends a fake ARP response with the router's IP address but the attacker's MAC address.
    • Device updates its ARP cache with the spoofed info, misdirecting traffic to the attacker's device.
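
Detection sketch for the ARP spoofing case above. This is an added example, not part of the original lecture notes: it replays observed ARP replies and flags the cache changes that poisoning produces. The tuple format, the function names and the sample addresses are assumptions made for illustration.

```python
# Added example: flag suspicious changes in observed ARP replies.
# Assumption: replies arrive as (timestamp, claimed_ip, sender_mac) tuples,
# e.g. parsed from a packet capture; the parsing itself is out of scope here.

def normalize_mac(mac):
    return mac.lower().replace("-", ":")

def detect_poisoning(replies, pinned=None):
    """Return alerts as (timestamp, kind, ip, mac) tuples.

    pinned maps an IP (typically the default gateway) to its known-good MAC.
    """
    pinned = {ip: normalize_mac(m) for ip, m in (pinned or {}).items()}
    cache = {}    # ip -> mac, mirroring what a host's ARP cache would hold
    claimed = {}  # mac -> set of IPs that MAC has answered for
    alerts = []
    for ts, ip, raw_mac in sorted(replies):
        mac = normalize_mac(raw_mac)
        if ip in pinned and mac != pinned[ip]:
            # Reply contradicts a known-good binding: alert and do not cache it.
            alerts.append((ts, "pinned-mismatch", ip, mac))
            continue
        if ip in cache and cache[ip] != mac:
            # Can also be benign (NIC swap, DHCP reuse), so treat as a lead.
            alerts.append((ts, "binding-changed", ip, mac))
        cache[ip] = mac
        claimed.setdefault(mac, set()).add(ip)
        if len(claimed[mac]) > 1:
            # One MAC answering for several IPs, e.g. its own and the router's.
            alerts.append((ts, "mac-claims-multiple-ips", ip, mac))
    return alerts

# Constructed sample: 192.168.1.1 is the router, 02:00:00:00:00:66 is the
# device that later answers for the router's IP.
SAMPLE = [
    (1.0, "192.168.1.1", "02:00:00:00:00:01"),
    (2.0, "192.168.1.66", "02:00:00:00:00:66"),
    (3.0, "192.168.1.1", "02:00:00:00:00:66"),   # spoofed reply
    (4.0, "192.168.1.1", "02:00:00:00:00:01"),   # real router answers again
]

if __name__ == "__main__":
    for alert in detect_poisoning(SAMPLE):
        print(alert)
    print(detect_poisoning(SAMPLE, pinned={"192.168.1.1": "02-00-00-00-00-01"}))
```

Without a pinned entry the router's binding flaps between two MAC addresses, which is itself the signal; with the router's MAC pinned, only the spoofed reply is reported and it never reaches the cache.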

IP Address Spoofing

  • Legitimate Uses:
    • Load balancers use spoofed IP addresses for service distribution.
  • Malicious Uses:
    • ARP poisoning, DNS amplification, distributed denial of service (DDoS).
  • Prevention:
    • Firewall rules or access control lists to block spoofed traffic.

MAC Address Spoofing

  • Definition: Changing the media access control (MAC) address of a device.
  • Legitimate Uses:
    • Modifying MAC address to match what an internet provider expects.
    • Applications requiring specific MAC addresses for security.
  • Malicious Uses:
    • Circumventing MAC-based access control lists and security.
  • Prevention:
    • Limiting the scope and access of devices on the local network.
  • Challenges:
    • Difficult to distinguish between legitimate and spoofed MAC addresses.