什么是IP欺骗？

数据包欺骗

数据包欺骗或 IP 欺骗是创建具有源 IP 地址的互联网协议 (IP) 数据包，目的是隐藏发送者的身份或冒充另一个计算系统。当恶意方冒充网络上的另一个设备或用户以对网络主机发起攻击、窃取数据、传播恶意软件或绕过访问控制时，就会发生欺骗攻击。

攻击者创建一个 IP 数据包并将其发送到服务器，这称为 SYN（同步）请求。攻击者将自己的源地址作为另一台计算机的 IP 地址放入新创建的 IP 数据包中。服务器以 SYN ACK 响应返回，该响应传输到伪造的 IP 地址。攻击者收到服务器发送的这个SYN ACK响应并确认，从而完成与服务器的连接。完成此操作后，攻击者可以在服务器计算机上尝试各种命令。最常见的方法包括IP地址欺骗攻击、ARP欺骗攻击和DNS服务器欺骗攻击。企业可以采取的防止欺骗攻击的常见措施包括数据包过滤、使用欺骗检测软件和加密网络协议。

蛮犀安全

Packet Spoofing

Packet spoofing or IP spoofing is the creation of Internet Protocol (IP) packets having a source IP address with the purpose of concealing the identity of the sender or impersonating another computing system. A spoofing attack occurs when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware, or bypass access controls.

The attacker creates an IP packet and sends it to the server, which is known as an SYN (synchronize) request. The attacker puts own source address as another computer’s IP address in the newly created IP packet. The server responds back with a SYN ACK response, which travels to the forged IP address. The attacker receives this SYN ACK response sent by the server and acknowledges it so as to complete a connection with the server. Once this is done the attacker can try various commands on the server computer. The most common methods include IP address spoofing attacks, ARP spoofing attacks, and DNS server spoofing attacks. Common measures that organizations can take for spoofing attack prevention include packet filtering, using spoofing detection software, and cryptographic network protocols.