Pretend to be something you aren’t Fake web server, fake DNS server, etc. • Email address spoofing • The sending address of an email isn’t really the sender Caller ID spoofing The incoming call information is completely fake • Man-in-the-middle attacks • The person in the middle of the conversation pretends to be both endpoints

Take someone else’s IP address Actual device Pretend to be somewhere you are not Can be legitimate Load balancing Load testing May not be legitimate ARP poisoning DNS amplification / DDoS • Easier to identify than MAC address spoofing • Apply rules to prevent invalid traffic, enable switch security

Spoofing Flashcards by Pat Man

Spoofing

Pretend to be something you aren’t
- Fake web server, fake DNS server, etc.

• Email address spoofing
• The sending address of an email isn’t really the
sender

Caller ID spoofing
- The incoming call information is completely fake

• Man-in-the-middle attacks
• The person in the middle of the conversation
pretends to be both endpoints

How well did you know this?

Not at all

Perfectly

MAC spoofing

Your Ethernet device has a MAC address
- A unique burned-in address
- Most drivers allow you to change this

• Changing the MAC address can be legitimate
• Internet provider expects a certain MAC address
• Certain applications require a particular MAC
address

It might not be legitimate
- Circumvent MAC-based ACLs
- Fake-out a wireless address filter
Very difficult to detect
- How do you know it’s not the original device?

How well did you know this?

Not at all

Perfectly

IP address spoofing

Take someone else’s IP address
- Actual device
- Pretend to be somewhere you are not
Can be legitimate
- Load balancing
- Load testing
May not be legitimate
- ARP poisoning
- DNS amplification / DDoS

• Easier to identify than MAC address spoofing
• Apply rules to prevent invalid traffic, enable switch
security

How well did you know this?

Not at all

Perfectly

Brainscape's Knowledge GenomeTM

Spoofing Flashcards

Brainscape's Knowledge Genome^TM