Snoofing Cyber Security



In the context of network security, a snoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage.

Many of the protocols in the TCP/IP suite do not provide mechanisms for authenticating the source or destination of a message. They are thus vulnerable to spoofing attacks when extra precautions are not taken by applications to verify the identity of the sending or receiving host.

IP spoofing and ARP spoofing, in particular, may be used to leverage man-in-the-middle attacks against hosts on a computer network. Spoofing attacks which take advantage of TCP/IP suite protocols may be mitigated with the use of firewalls capable of deep packet inspection or by taking measures to verify the identity of the sender or recipient of a message.

Some websites, especially pornographic paysites, allow access to their materials only from certain approved (login-) pages. This is enforced by checking the referrer header of the Hypertexttransferprotocol request. This referrer header however can be changed (known as “referrer spoofing” or “Ref-tar spoofing”), allowing users to gain unauthorized access to the materials.

Spoofing can also refer to copyright holders placing distorted or unlistenable versions of works on file-sharing networks.

Public telephone networks often provide Caller ID information, which includes the caller’s name and number, with each call. However, some technologies (especially in Voice over IP (VoIP) networks) allow callers to forge Caller ID information and present false names and numbers.

Gateways between networks that allow such spoofing and other public networks then forward that false information. Since spoofed calls can originate from other countries, the laws in the receiver’s country may not apply to the caller. This limits laws’ effectiveness against the use of spoofed Caller ID information to further a scam.

The sender information shown in e-mails can be spoofed easily. This technique is commonly used by spammers to hide the origin of their e-mails and leads to problems such as misdirected bounces (i.e. e-mail spam backscatter).

E-mail address snoofing is done in quite the same way as writing a forged return address using snail mail. As long as the letter fits the protocol, (i.e. stamp, postal code) the SMTP protocol will send the message. It can be done using a mail server with telnet.

For more details feel free to contact us