What are IP and DNS Spoofing Attacks
What are IP and DNS Spoofing Attacks JM6pU4c

The basis of spoofing involves masquerading as a trusted system in order to gain unauthorized access to a secure environment. IP spoofing involves modifying data to make it appear to originate from the IP address of a system that is trusted by a server or firewall. Using this approach, a host is able to pass through the IP filtering that would otherwise serve to prevent access.

The objective of IP Spoofing is to gain unauthorized access to a server or service. DNS Spoofing differs in that the objective is send users to a different location than the one they thought they were going to. Take, for example, a user who goes to their bank's web site to perform online banking transactions (such as paying bills etc). The user enters the web address (URL) of their bank into a browser. The browser contacts a Domain Name Server (DNS) which looks up the IP address which matches the URL. The user is then taken to the site located at that IP address where they enter their login and password. DNS spoofing involves the DNS server being compromised such that the bank URL is set to point to the IP address of a malicious party where a web site that looks just like the real bank site has been set up. Now when the user enters the URL in a browser they are taken to the fake web site where their login and password are captured and stored. The web site will then likely report that the bank site is off-line for maintenance. The user decides to return and try again later. Meanwhile the attacker uses the customer's credentials to log into the account on the real site and transfer all the money out of the account.


Did you find this tutorial helpful? Don’t forget to share your views with us.