MITM: IP spoofing

Description


IP spoofing is a technique used to disguise the source of a network packet by modifying the source address in the packet header to make it appear as if it originated from a different source than the actual sender. This can be used to launch various types of attacks, such as denial of service (DoS) attacks or man-in-the-middle (MitM) attacks.

In a typical IP spoofing attack, the attacker forges the source IP address of a packet and sends it to a target system. When the target system receives the packet, it believes that it came from a legitimate source and responds accordingly. However, the response is sent to the forged IP address, which can be a different machine entirely. This can allow an attacker to intercept or modify the communication between two systems, or overload a system with traffic to cause a denial of service.

Diagram


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 ┌──────────────────┐                   ┌──────────────────┐
 │                  │ Source: 10.0.2.4  │                  │
 │      Hacker      │ Dest: 10.0.2.5    │      Victim      │
 │     10.0.2.4     ├──┬──┐             │     10.0.2.6     │
 │                  │  │1 │             │                  │
 └──────────────────┘  └──┤             └──────────────────┘
          │               │
          │               │
          │          ┌──────────────────┐
          │          │                  │
          └───────┬──┤   Other Server   │
 Source: 10.0.2.5 │2 │     10.0.2.5     │
 Dest: 10.0.2.4   └──┤                  │
                     └──────────────────┘
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 ┌──────────────────┐                   ┌──────────────────┐
 │                  │ Source: 10.0.2.6  │                  │
 │      Hacker      │ Dest: 10.0.2.5    │      Victim      │
 │     10.0.2.4     ├──┬──┐             │     10.0.2.6     │
 │                  │  │1 │             │                  │
 └──────────────────┘  └──┤             └──────────────────┘
                          │                     │ Da fuck you want ?
                          │                     │
                     ┌──────────────────┐       │
                     │                  │       │
                     │   Other Server   ├──┬────┘
                     │     10.0.2.5     │  │2 Source: 10.0.2.5
                     │                  ├──┘ Dest: 10.0.2.6
                     └──────────────────┘
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Attack


sudo hping3 -1 --flood -a 10.0.2.6 10.0.2.5

Prevention


IP spoofing can be prevented by using various techniques, such as filtering or blocking traffic from known spoofed addresses, or by implementing security measures that validate the source address of incoming packets.
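
Source address validation for the lab in the diagram, as an added example (not code from the original page). The port names, the per-port binding table and the sample traffic are constructed assumptions. It shows why a prefix filter alone misses the same-subnet case above, while a per-port binding catches it.

```python
import ipaddress
from collections import Counter

# Constructed lab policy reusing the page's addresses; port names are hypothetical.
LAN = ipaddress.ip_network("10.0.2.0/24")
UPLINK = "uplink"
BINDINGS = {  # access port -> the one address allowed to send from it
    "port1": ipaddress.ip_address("10.0.2.4"),  # Hacker
    "port2": ipaddress.ip_address("10.0.2.5"),  # Other Server
    "port3": ipaddress.ip_address("10.0.2.6"),  # Victim
}

def validate_source(port, src):
    """Return 'accept' or a 'drop: ...' reason for a packet seen on `port`."""
    addr = ipaddress.ip_address(src)
    if port == UPLINK:
        # Ingress filtering: outside traffic must not claim an inside address.
        return "drop: LAN source on uplink" if addr in LAN else "accept"
    if port not in BINDINGS:
        return "drop: unknown port"
    if addr not in LAN:
        return "drop: source outside LAN prefix"
    if addr != BINDINGS[port]:
        # Same-subnet spoofing: a prefix filter alone would pass this packet.
        return "drop: source not bound to this port"
    return "accept"

def summarize(packets):
    """Count dropped packets per (port, claimed source) to surface a flood."""
    drops = Counter()
    for port, src, _dst in packets:
        if validate_source(port, src) != "accept":
            drops[(port, src)] += 1
    return drops

# Constructed sample traffic: (ingress port, source, destination).
SAMPLE = (
    [("port1", "10.0.2.4", "10.0.2.5")]          # first diagram: honest source
    + [("port1", "10.0.2.6", "10.0.2.5")] * 3    # second diagram: forged source
    + [("uplink", "10.0.2.6", "10.0.2.5"),       # outside host claiming a LAN address
       ("uplink", "198.51.100.7", "10.0.2.5")]   # ordinary outside traffic
)

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(key, count)
```

The drop counter is keyed by ingress port, so a flood of forged packets points at the port it entered on rather than at the address it claims.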