Saturday, February 23, 2008

SPOOFING FEVER

In the context of cyber crime, spoofing is a technique to masquerade a MAC address, and by this a spoofer can gain an illegitimate advantage.

For example, if I am a spoofer between two persons A and B, I'll be able to attack person B by making him believe that I am person A, and similarly I can attack A by making him believe that I am person B. For this the attacker has to trace the packets coming from A, and after the sequence of packets is guessed he knocks out A and injects his own packets. However, the spoofing can be blocked by A's firewall.



Spoofing has made progress in almost every kind of computer networking and hence it has a lot of types:

1> URL Spoofing: URL spoofing is also known as "web spoofing" and "phishing". In this type of spoofing the attacker selects a "look-alike" URL address of some legal website (e.g. of the bank, or orkot in place of orkut), fooling the visitors and gaining access to their usernames and passwords.
This type of spoofing can be done by illegal use of web browser bugs that display incorrect URLs, or by DNS poisoning, so that users are distracted from the legitimate URLs.

2> Referer Spoofing: Some websites, especially pornographic paysites, allow access to their materials only from certain approved (login) pages. This is enforced by checking the Referer header of the request. This Referer header, however, can be changed, allowing users to gain unauthorized access to the materials.

3> Spoofing file sharing networks: Most of the file sharing websites use this type of spoofing to discourage downloading from these sources by using distorted data, uploading empty or mislabeled files. E.g. RIAA (Resource Industry Association of America) started spoofing their file sharing servers last summer. They began uploading files that seemed to be popular songs but actually contained the song chorus or a recording of an artist scolding the file sharing server. Because of this a person has to search a lot for his/her favourite song.

4> Email address spoofing: Email spoofing is very common nowadays. Attackers or spammers hide the origin, and this leads to problems such as misdirected bounces. The spammer uses a reliable form so that it can get authority and trust; thus if some victim replies, the reply is delivered to the spammer's email address.

5> Caller ID Spoofing: Whenever someone gets a call, he also gets the caller ID of the caller on his phone or mobile. But now there is technology by which a caller can hide or falsify his ID: because there are services and gateways on the network, a false caller ID can be sent.

6> Login spoofing: A victim is presented an ordinary username and password login page of a legitimate website, but he/she doesn't know that a malicious program is running behind it.
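
To make the Referer item (2) concrete, here is an added example, not code from the original post: the Referer-based gate it describes beside a hardened gate that requires a server-signed, expiring session token. The URL, secret key, request layout and function names are all constructed for illustration.

```python
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients
APPROVED_PAGE = "https://paysite.example/login"  # constructed URL


def referer_gate(request):
    """Weak check from the text: trusts a header the client writes itself."""
    return request["headers"].get("Referer", "") == APPROVED_PAGE


def _sign(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user, now=None, ttl=900):
    """Issued by the server only after a successful login."""
    expires = int((time.time() if now is None else now) + ttl)
    payload = f"{user}|{expires}"
    return f"{payload}|{_sign(payload)}"


def token_gate(request, now=None):
    """Hardened check: requires a server-signed, unexpired session token."""
    parts = request["cookies"].get("session", "").rsplit("|", 2)
    if len(parts) != 3:
        return False
    user, expires, sig = parts
    # Constant-time comparison; any edit to user or expiry breaks the signature.
    if not hmac.compare_digest(sig.encode(), _sign(f"{user}|{expires}").encode()):
        return False
    return int(expires) > (time.time() if now is None else now)


if __name__ == "__main__":
    # Constructed requests: one carries only a Referer, one only a valid token.
    forged = {"headers": {"Referer": APPROVED_PAGE}, "cookies": {}}
    legit = {"headers": {}, "cookies": {"session": issue_token("alice")}}
    for name, req in (("referer only", forged), ("signed token", legit)):
        print(f"{name}: referer_gate={referer_gate(req)} token_gate={token_gate(req)}")
```

The Referer gate accepts any request that carries the expected header value, while the token gate ignores the header and accepts only a token the server itself signed.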

As described above, spoofing has made much progress in the computer network world, and it has many faces which are beyond the scope of this blog.

The illegal use of spoofing as described above is definitely a cyber crime, because most spammers or spoofers are actually misleading, cheating and trying to peek into the privacy of their victims. But there is also a good aspect of spoofing, i.e. if the MAC or IP address were unique for each person then it would be very easy for a government or authority to trace it, and the length of the IP address would also increase as well.

Thus spoofing has both good and bad aspects, and it has to be controlled, not finished.
