
Network Spoofing Techniques

Jun 16, 2025

Overview

This lecture explains the concept of spoofing in network security, focusing on ARP poisoning and DNS spoofing as techniques attackers use to intercept or redirect network traffic.

Spoofing Fundamentals

  • Spoofing is when a person or device pretends to be another to gain unauthorized access.
  • Examples include fake web servers, DNS servers, email address spoofing, and caller ID spoofing.
  • Spoofing enables attackers to monitor or modify conversations in network communications.

ARP Poisoning (IP Spoofing)

  • ARP (Address Resolution Protocol) maps IP addresses to MAC addresses on a local network.
  • Devices use ARP broadcasts to ask for the MAC address of a target IP address.
  • ARP responses are unauthenticated, making the process vulnerable to exploitation.
  • Attackers can send fake ARP responses, associating their MAC address with a legitimate IP (such as the router).
  • Victim devices update their ARP cache with the attacker's MAC address, sending future traffic to the attacker.
  • Attackers can forward intercepted traffic to the real router, making the attack hard to detect.
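
Because forwarded traffic hides the attack from users, the ARP cache itself is the place to look. The following is an added example, not part of the original lecture notes: it compares two ARP cache snapshots in the style of Linux `ip neigh show` output and flags the two symptoms described above. The sample addresses and the gateway IP are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Matches neighbor entries in the style of Linux `ip neigh show` output.
NEIGH_RE = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+)\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+\S+", re.I)

def parse_cache(text):
    """Return {ip: mac} for one snapshot; entries with no MAC are skipped."""
    cache = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            cache[m["ip"]] = m["mac"].lower()
    return cache

def find_anomalies(before, after, gateway_ip):
    """Compare two snapshots and report signs of ARP cache poisoning."""
    findings = []
    # Symptom 1: a known IP now resolves to a different MAC address.
    for ip, mac in after.items():
        old = before.get(ip)
        if old and old != mac:
            sev = "HIGH" if ip == gateway_ip else "MEDIUM"
            findings.append((sev, f"{ip} changed {old} -> {mac}"))
    # Symptom 2: one MAC address answers for several IPs at once.
    by_mac = defaultdict(list)
    for ip, mac in after.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            sev = "HIGH" if gateway_ip in ips else "MEDIUM"
            findings.append((sev, f"{mac} claims {', '.join(sorted(ips))}"))
    return findings

# Constructed sample snapshots (not captured from a real network).
BEFORE = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.14 dev eth0 lladdr 02:00:00:aa:bb:cc STALE
192.168.1.20 dev eth0 FAILED
"""
AFTER = """\
192.168.1.1 dev eth0 lladdr 02:00:00:aa:bb:cc REACHABLE
192.168.1.14 dev eth0 lladdr 02:00:00:aa:bb:cc STALE
"""

if __name__ == "__main__":
    for sev, msg in find_anomalies(parse_cache(BEFORE), parse_cache(AFTER), "192.168.1.1"):
        print(sev, msg)
```

Both symptoms can also have benign causes, such as replaced hardware or a router that holds several IP addresses, so treat a finding as a prompt to verify the gateway's real MAC address rather than as proof of an attack.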

DNS Spoofing (DNS Poisoning)

  • DNS translates domain names to IP addresses for network communications.
  • DNS poisoning alters DNS responses or modifies server data to redirect traffic.
  • Attackers can modify client-side host files or intercept and change DNS responses in real time.
  • ARP poisoning can be used to position the attacker between the DNS server and users.
  • Compromising a DNS server or intercepting traffic lets attackers change the IP address for a domain (e.g., professormesser.com) to their own.
  • Users requesting the poisoned domain are redirected to the attacker's server instead of the legitimate one.

Key Terms & Definitions

  • Spoofing — Pretending to be another device or person to bypass security or mislead victims.
  • ARP Poisoning — Sending fake ARP responses to associate an attacker’s MAC address with a legitimate IP.
  • DNS Spoofing/Poisoning — Modifying DNS data or responses to redirect users to malicious sites.
  • ARP Cache — Local table storing IP-to-MAC address mappings.
  • On-Path Attack — An attack where the attacker intercepts and possibly alters communication between two parties.

Action Items / Next Steps

  • Review ARP and DNS protocols and their roles in network security.
  • Understand how to detect and prevent ARP and DNS spoofing in practical scenarios.