
What is IP spoofing? How to prevent it?

What is IP spoofing

IP spoofing is a technique used to gain unauthorized access to a machine, whereby an attacker impersonates another machine by manipulating IP packets. IP spoofing involves modifying the packet header with a forged (spoofed) source IP address, checksum and order value. The Internet is a packet-switched network, so packets leaving one machine may arrive at the destination machine in a different order. The receiving machine reassembles the message based on the order value embedded in the IP header. IP spoofing involves working out the algorithm used to select the order values that are sent, and modifying them correctly.

The process usually starts by identifying the host and finding an IP address that the host trusts, so that you can send packets which the host will treat as originating from the trusted IP address, although that is not the case.

Hackers use IP spoofing to carry out malicious and illegal activities. Some of the activities that can be performed include denial of service and man-in-the-middle attacks. Hackers use these two malicious acts to cause drama or havoc over the Internet while hiding their identity.

Let's look at the possible attacks that can be launched with the help of IP spoofing.

Man in the middle

As the name suggests, this attack occurs when a hacker interested in certain information intercepts packets sent from one host to another. The hacker carries out the man-in-the-middle attack by accessing the information sent from one end and altering it before releasing it to the intended recipient. This means the recipient receives altered information that is completely different from what was sent.

Man-in-the-middle attacks are mostly performed by individuals or organizations interested in knowing the information shared between the sender and the recipient.

Blinding

This attack occurs when a cracker or hacker sends an altered sequence of packets to the target while being unsure how data transmission within the network takes place.

It is a blind type of spoofing because the hacker is not sure of the sequence used for data transmission in the network whose data they are interested in altering.

While hiding his identity, the hacker takes advantage of having accessed the data and injects false information into the packets without identifying himself or revealing who he is. The recipient receives the altered data and believes it was sent by the genuine sender, not knowing that it contains false information injected by the hacker.

Non-blinding

In this form of attack, the hacker resides on the same network as the target, which makes it easy for him to observe or access transmissions. As a result, it is easy for the hacker to determine or understand the data sequence.

After gaining access to the data sequence, the hacker can disguise himself and end up hijacking processes that have already been established.

Denial of service

This is a form of traffic storm that hackers use to attack a system while hiding their identity, making it difficult to know the source of the attack.

This attack is usually carried out on a large scale, denying several systems the ability to access services over a network.

Spoofing is seen by many as a negative thing, but in some cases it can be put to positive use. One such instance is satellite Internet access: satellite service providers may sometimes rely on spoofing to avoid delays in information exchange.

However, for illegal spoofing there is always a way to control and stop it.

So, do you want to stop spoofing once and for all? Here are the main techniques you can always rely on to prevent IP spoofing.

  1. Change the authentication procedure: IP spoofing can be prevented by ensuring there is encryption between the hosts or machines that exchange data. Introduce a key exchange between the two systems that will exchange information, to reduce the risk of IP spoofing.
  2. Introduce filtering: this filtering should be introduced in any system that intends to prevent IP spoofing, especially on outbound and inbound traffic.
  3. Switch and router configuration: if your routers allow it, configure them to reject strange packets that may originate from a source other than the network.
  4. Deny private addresses: configure your system or network to ignore or disallow private IP addresses originating from outside.
  5. Allow encrypted sessions: set things up so that only authenticated and trusted networks can access and interact with your network. Your router should be set to allow only trusted sources.

These are the surefire strategies for stopping IP spoofing once and for all. Now that you know them, why not configure your router or system to keep hackers from spoofing your IP?

What is IP spoofing?

IP spoofing is the creation of Internet Protocol (IP) packets with a modified source address, either to hide the sender's identity, to impersonate another computer system, or both. Malicious users often use this technique to launch DDoS attacks against a target device or the surrounding infrastructure.

Sending and receiving IP packets is the primary way networked computers communicate with other devices, and it is the foundation of the modern Internet. Every IP packet contains a header that precedes the packet body and carries important routing information, including the source address. In a normal packet, the source IP address is the address of the packet's sender. If the packet has been spoofed, the source address will have been forged.

IP spoofing is comparable to an attacker sending a package to someone with the wrong return address. If the recipient wants to stop the sender from sending packages, blocking all packages from the forged address will not help, because the return address is easy to change. Likewise, if the recipient wants to respond to the return address, the response will not reach the real sender. The ability to forge packet addresses is a core vulnerability that many DDoS attacks exploit.

DDoS attacks often use spoofing with the goal of overwhelming a target with traffic while masking the identity of the malicious source and evading mitigation. If the source IP address is falsified and continuously randomized, blocking the malicious requests becomes difficult. IP spoofing also makes it hard for law enforcement and cyber security teams to track down the perpetrator of an attack.

Spoofing can also be used to impersonate another device, so that responses are sent to that target device instead. Volumetric attacks such as NTP amplification and DNS amplification exploit this vulnerability. The ability to modify the source IP is inherent to the design of TCP/IP and is a long-standing security concern.

Even when not used to launch DDoS attacks, spoofing can be used to masquerade as another device in order to bypass authentication and gain access to, or "hijack", a user's session.

How to protect against IP spoofing (packet filtering)

While IP spoofing itself cannot be prevented, steps can be taken to stop spoofed packets from infiltrating a network. Ingress filtering is a very common defense against spoofing, as described in BCP38 (a Best Common Practice document). Ingress filtering is a form of packet filtering, usually implemented on a network edge device, that examines incoming IP packets and checks their source headers. If the source headers of those packets do not match their origin or otherwise look suspicious, the packets are rejected. Some networks also implement egress filtering, which examines IP packets leaving the network to ensure they carry legitimate source headers, so as to prevent users inside the network from launching outbound malicious attacks using IP spoofing.

What is IP spoofing (English original)

IP spoofing is a technique used to gain unauthorized access to machines, whereby an attacker illicitly impersonates another machine by manipulating IP packets. IP spoofing involves modifying the packet header with a forged (spoofed) source IP address, a checksum, and the order value. The Internet is a packet-switched network, which means packets leaving one machine may arrive at the destination machine in a different order. The receiving machine reassembles the message based on the order value embedded in the IP header. IP spoofing involves solving the algorithm that is used to select the order values sent, and modifying them correctly.

This process usually starts by identifying a host and finding the IP address trusted by that host, so that you can send data packets and the host will see them as originating from a trusted IP address, although that's not the case.

Hackers use IP spoofing to perform activities that are malicious and illegal. Some of the activities that can be performed include denial of service and man-in-the-middle attacks. These two malicious acts are used by hackers to cause drama or havoc over the Internet while hiding their identity.

Let's look at the possible attacks that can be launched with the help of IP spoofing.

Man in the Middle

Just as the name suggests, this attack occurs when hackers interested in some information intercept data packets sent from one host to the next. Hackers carry out the man-in-the-middle attack by accessing information sent from one end, then altering it before releasing the information to the intended recipient. That means the recipient will receive altered information that is totally different from what was sent.

The man-in-the-middle attack is mostly performed by individuals or organizations that are interested in knowing the information shared between the sender and the recipient.

Blinding

This form of attack occurs when a cracker or hacker sends an altered sequence of data packets to his target while being unsure how data transmission within the network takes place.

It's a blind type of spoofing because the hacker is not sure about the sequence used in data transmission within the network whose data they are interested in altering.

While hiding his identity, the hacker takes advantage of the fact that he has accessed the data and injects wrong information into the data packets without identifying himself or publicizing his identity. The recipient will receive altered data and believe that it is data sent from the genuine sender, without knowing that the data contains false information injected by a hacker.
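Blind spoofing, as the section above explains, only works if the attacker can guess the sequence value he cannot observe; the practical defense is to make the initial sequence number (which lives in the TCP header rather than the IP header) unpredictable. Added example, not from the original article: the old counter-based ISN scheme beside an RFC 6528-style keyed-hash generator, with a check that flags the predictable one. The secret and the sample addresses are constructed for the demo.

```python
import hashlib
import hmac
import os
import time

BOOT_SECRET = os.urandom(32)  # constructed: a real stack draws this once at boot, inside the kernel


def counter_isn(connections_so_far: int, step: int = 64) -> int:
    """The weak scheme blind spoofing relies on: a global counter stepped by a constant per
    connection. Learn one ISN (e.g. from your own connection) and the next one is arithmetic."""
    return (connections_so_far * step) & 0xFFFFFFFF


def rfc6528_isn(local_ip: str, local_port: int, remote_ip: str, remote_port: int,
                secret: bytes = BOOT_SECRET, now_us: int = -1) -> int:
    """ISN = M + F(localip, localport, remoteip, remoteport, secret), as in RFC 6528.
    M is a clock ticking every 4 microseconds; F is a keyed hash of the 4-tuple (HMAC-SHA256
    here; the RFC's example uses MD5). Knowing the ISN of one connection reveals nothing
    about another, because a different 4-tuple gets an unrelated offset."""
    if now_us < 0:
        now_us = time.monotonic_ns() // 1000
    m = (now_us // 4) & 0xFFFFFFFF
    tuple_bytes = f"{local_ip}:{local_port}->{remote_ip}:{remote_port}".encode()
    f = int.from_bytes(hmac.new(secret, tuple_bytes, hashlib.sha256).digest()[:4], "big")
    return (m + f) & 0xFFFFFFFF


def isn_is_predictable(isn_a: int, isn_b: int, step: int = 64) -> bool:
    """True when two consecutive ISNs differ by exactly the fixed step, i.e. the generator
    leaks enough for a blind guess; False for properly keyed ISNs."""
    return (isn_b - isn_a) & 0xFFFFFFFF == step
```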

Non-blinding

In this form of attack, the hacker resides in the same network as the target, making it easy for him to notice or access transmissions. This, as a result, makes it easy for the hacker to tell or understand the data sequence.

After getting access to the data sequence, the cracker can disguise himself and end up hijacking processes that have already been established.

Service denial

This is a form of traffic storm that hackers use to attack a system while hiding their identity, making it difficult to know the source of the attack.

This attack is usually done on a large scale, denying several systems the ability to access services over a network.

Spoofing is seen by many people as a negative thing, but it can be put to positive use in some cases. One of these instances is satellite Internet access: providers of satellite services may sometimes rely on spoofing to avoid delays in information exchange.

However, for illegal spoofing there’s always a way to control and stop it.

So you want to stop spoofing once and for all? Here are the main techniques you can always count on to prevent IP spoofing.

  1. Change the authentication procedure: IP spoofing can be prevented by ensuring that there is encryption between hosts or machines that exchange data. Introduce an exchange of keys between the two systems that will be exchanging information, so as to reduce the risk of IP spoofing.
  2. Introduce filtering: this filtering should be introduced in any system that plans to prevent IP spoofing, especially on outbound and inbound data traffic.
  3. Switch and router configuration: if your routers allow configuration, you should set them to reject strange data packets that may originate from a source other than the network.
  4. Deny private addresses: configure your system or network to ignore or disallow private IP addresses originating from outside.
  5. Allow encrypted sessions: this should be set up in such a way that only authenticated and trusted networks can access and interact with your network. Your router should be set to allow only trusted sources.

These are the surefire strategies used to stop IP spoofing once and for all. Now that you know them, why not configure your router or system to keep crackers from spoofing your IP?
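The filtering steps in the list above (items 2 to 4) and the BCP38 ingress/egress filtering section earlier on this page describe the same control; this added example, not code from the original article, shows what such a filter does: parse a raw IPv4 header, verify its checksum, then drop packets entering from the Internet whose source is one of our own prefixes or a private/bogon address, and drop packets leaving with a source outside our prefixes. The prefix 203.0.113.0/24 and the sample headers are constructed for the demo; build_header only creates test headers in memory.

```python
import ipaddress
import struct

INTERNAL_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # constructed: the prefixes we own
# Sources that must never arrive from the Internet: "this" net, RFC 1918, loopback, link-local, 224/3.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 ones'-complement sum of 16-bit words; over a complete header it is 0 iff consistent."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4(packet: bytes) -> dict:
    """Source/destination of a raw IPv4 packet; malformed or corrupted headers are rejected."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or (packet[0] & 0x0F) < 5:
        raise ValueError("not a well-formed IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl or ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad header length or checksum mismatch")
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return {"src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst)}

def bcp38_verdict(packet: bytes, from_internet: bool) -> str:
    """Ingress filtering on the external interface, egress filtering on the internal one."""
    try:
        src = parse_ipv4(packet)["src"]
    except ValueError as err:
        return "drop: " + str(err)
    ours = any(src in net for net in INTERNAL_NETS)
    if from_internet:
        if ours:
            return "drop: our own prefix arriving from outside"
        if any(src in net for net in BOGON_NETS):
            return "drop: private/bogon source from outside"
    elif not ours:
        return "drop: egress source not in our prefixes"
    return "accept"

def build_header(src: str, dst: str) -> bytes:
    """Minimal 20-byte IPv4 header (TTL 64, protocol TCP) with a valid checksum; test fixture only."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
```

On a Linux host the kernel equivalent of the ingress half is reverse-path filtering (`net.ipv4.conf.all.rp_filter`); on routers it is unicast RPF.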

What is IP spoofing: this article was translated from https://www.iplocation.net/ip-spoofing
