Spoofing attack

In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage.

Spoofing and TCP/IP

Main articles: IP address spoofing and ARP spoofing

Many of the protocols in the TCP/IP suite do not provide mechanisms for authenticating the source or destination of a message. They are thus vulnerable to spoofing attacks when extra precautions are not taken by applications to verify the identity of the sending or receiving host. IP spoofing and ARP spoofing in particular may be used to leverage man-in-the-middle attacks against hosts on a computer network. Spoofing attacks which take advantage of TCP/IP suite protocols may be mitigated with the use of firewalls capable of deep packet inspection or by taking measures to verify the identity of the sender or recipient of a message.

Referrer spoofing

Main article: Referer spoofing

Some websites, especially pornographic paysites, allow access to their materials only from certain approved (login-) pages. This is enforced by checking the referrer header of the HTTP request. This referrer header however can be changed (known as "referrer spoofing" or "Ref-tar spoofing"), allowing users to gain unauthorized access to the materials.

Poisoning of file-sharing networks

Main article: spoofing (anti-piracy measure)

"Spoofing" can also refer to copyright holders placing distorted or unlistenable versions of works on file-sharing networks.

Caller ID spoofing

Main article: Caller ID spoofing

Public telephone networks often provide Caller ID information, which includes the caller's name and number, with each call. However, some technologies (especially in Voice over IP (VoIP) networks) allow callers to forge Caller ID information and present false names and numbers. Gateways between networks that allow such spoofing and other public networks then forward that false information. Since spoofed calls can originate from other countries, the laws in the receiver's country may not apply to the caller. This limits laws' effectiveness against the use of spoofed Caller ID information to further a scam.^[1]

E-mail address spoofing

Main article: e-mail spoofing

The sender information shown in e-mails (the "From" field) can be spoofed easily. This technique is commonly used by spammers to hide the origin of their e-mails and leads to problems such as misdirected bounces (i.e. e-mail spam backscatter).

E-mail address spoofing is done in quite the same way as writing a forged return address using snail mail. As long as the letter fits the protocol, (i.e. stamp, postal code) the SMTP protocol will send the message. It can be done using a mail server with telnet.^[2]

GPS spoofing

A GPS spoofing attack attempts to deceive a GPS receiver by broadcasting incorrect GPS signals, structured to resemble a set of normal GPS signals, or by rebroadcasting genuine signals captured elsewhere or at a different time. These spoofed signals may be modified in such a way as to cause the receiver to estimate its position to be somewhere other than where it actually is, or to be located where it is but at a different time, as determined by the attacker. One common form of a GPS spoofing attack, commonly termed a carry-off attack, begins by broadcasting signals synchronized with the genuine signals observed by the target receiver. The power of the counterfeit signals is then gradually increased and drawn away from the genuine signals. It has been suggested that the capture of a Lockheed RQ-170 drone aircraft in northeastern Iran in December, 2011 was the result of such an attack.^[3] GPS spoofing attacks had been predicted and discussed in the GPS community previously, but no known example of a malicious spoofing attack has yet been confirmed.^[4]^[5]^[6] A "proof-of-concept" attack was successfully performed in June, 2013, when the luxury yacht "White Rose" was misdirected with spoofed GPS signals from Monaco to the island of Rhodes by a group of aerospace engineering students from the Cockrell School of Engineering at the University of Texas in Austin. The students were aboard the yacht, allowing their spoofing equipment to gradually overpower the signal strengths of the actual GPS constellation satellites, altering the course of the yacht.^[7]^[8]

References

↑ Schneier, Bruce (3 March 2006). "Caller ID Spoofing". schneier.com. Retrieved 16 January 2011.
↑ Gantz, John; Rochester, Jack B. (2005). Pirates of the Digital Millennium. Upper Saddle River, NJ 07458: Prentice Hall. ISBN 0-13-146315-2.
↑ Scott Peterson; Payam Faramarzi (December 15, 2011). "Exclusive: Iran hijacked US drone, says Iranian engineer". Christian Science Monitor.
↑ Wen, Hengqing; Huang, Peter; Dyer, John; Archinal, Andy; Fagan, John (2004). "Countermeasures for GPS signal spoofing" (PDF). University of Oklahoma. Retrieved 16 December 2011.
↑ Humphreys, T.E.; Ledvina, B. M.; Psiaki, M.; O'Hanlon, B. W.; Kintner, P.M. (2008). "Assessing the Spoofing Threat: Development of a Portable GPS Civilian Spoofer" (PDF). ION GNSS. Retrieved 16 December 2011.
↑ Jon S. Warner; Roger G. Johnston (December 2003). "GPS Spoofing Countermeasures". homelandsecurity.org. Archived from the original on 7 February 2012. Retrieved 16 December 2011.
↑ "Students Hijack Luxury Yacht". Secure Business Intelligence Magazine.
↑ "UT Austin Researchers Successfully Spoof an $80 million Yacht at Sea". The University of Texas at Austin. Retrieved 5 February 2015.

Scams and confidence tricks

Terminology	Confidence trick Error account Shill Shyster Sucker list

Notable scams and confidence tricks	Advance-fee scam Art student scam Badger game Bait-and-switch Black money scam Blessing scam Bogus escrow Boiler room Bride scam Bullet-planting scheme Charity fraud Clip joint Coin-matching game Coin rolling scams Drop swindle Embarrassing cheque Employment scams Extraterrestrial real estate Fiddle game Fine print Foreclosure rescue scheme Foreign exchange fraud Fortune telling fraud Gas leak phone call scam Gem scam Get-rich-quick scheme Green goods scam Hustling Intellectual property scams Kansas City Shuffle Long firm Miracle cars scam Mock auction Moving scam Patent safe Pig in a poke Pigeon drop Priority Development Assistance Fund scam Pump and dump Reloading scam Salting Shell game Sick baby hoax Slavery reparations scam Spanish Prisoner Strip search phone call scam Swampland in Florida Technical support scam Telemarketing fraud Thai tailor scam Thai zig zag scam Three-card Monte Trojan horse White van speaker scam Work-at-home scheme

Internet scams and countermeasures	Avalanche Carding Click fraud Clickjacking Cramming Cybercrime CyberThrill DarkMarket Domain name scams Email authentication Email fraud Internet vigilantism Lottery scam PayPai Phishing Referer spoofing Ripoff Report Rock Phish Romance scam Russian Business Network SaferNet Scam baiting ShadowCrew Spoofed URL Spoofing attack Stock Generation Voice phishing Website reputation ratings Whitemail

Pyramid and Ponzi schemes	Aman Futures Group Bernard Cornfeld Caritas Dona Branca Ezubao Foundation for New Era Philanthropy Franchise fraud High-yield investment program (HYIP) Investors Overseas Service Earl Jones (investment advisor) Kubus scheme Madoff investment scandal Make Money Fast Matrix scheme MMM Petters Group Worldwide Pyramid schemes in Albania Reed Slatkin Saradha financial scandal Scott W. Rothstein Stanford Financial Group Welsh Thrasher faith scam

Lists	Con artists Confidence tricks Criminal enterprises, gangs and syndicates Email scams Impostors In the media Film and television Literature Ponzi schemes

This article is issued from Wikipedia - version of the 11/22/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.