It is not only criminals in the real world who employ these techniques to access sensitive information and bank accounts, but their colleagues in the virtual realm also do so successfully. This practice is called spoofing – a collective category that includes the concepts of IP address spoofing (sending messages to computers using the IP address of a trusted source), email spoofing (spoofing the email header to disguise the true sender) and DNS spoofing (changing the DNS server settings for domain name redirection to the attackers’ IP address).


You can only protect yourself by following common sense and observing the basic rules of safe working in the network, for example, under no circumstances giving your personal data by email. mail, even if the sender’s reputation is beyond doubt.

IP – spoofing is a substitution of the sender’s address , one of the IP – header fields , by writing another value . The complexity lies in the fact , that the machine , received a title with such address , will send a response to the address , and not to address crackers .

In case with the TCP – connection is necessary to obtain a response from the destination to install the connection with him . When you install the TCP – connection is important so -called the ISN ( the Initial the Sequence Number The ) – initial sequence number .

In time setting the connection between machines is transmitted serial number of the customer , designated as ISNc , and also transmitted by the ISN of the server , as ISNs. Make sure you establish a connection.

the client sends the TCP – packet with established flag of the SYN , as he chooses ISNc .
server increases on unit ISNc and send it back together with their ISNs .
client responds packet ACK , containing ISNs , enlarged on unit .
When a cracker tries to establish the TCP – connection with spoofed the IP – address , the server sends a computer A package the SYN – the ACK , containing its the ISN . So as the computer A does not send the server package the SYN , it will respond package RST for the interruption of an unknown compound .

The cracker remains wait until computer A is turned off or restarted . Cracker is not able to see the ISN , sent one machine to another . He needs this ISN in the third step , when he will have to increase it by 1 and send it . The attacker must guess the ISN . In old operating rooms systems ( OS ) it was very easy to guess the ISN – it increased by one with each connection .

Modern operating systems use a mechanism , which prevents guessing the ISN . Modern services are used for the authentication name of the user and password and transmit data in encrypted form , so in our time was no longer any need in the IP – spoofing .

How does spoofing work?

For example, email spoofing hackers can mislead the user about the sender’s identity and gain access to sensitive data. Or, they may try to use IP and DNS spoofing techniques to trick the user’s network into redirecting them to rogue sites masquerading as the real ones, thereby causing the user’s computer to become infected.

How to recognize spoofing?

The easiest way to recognize email spoofing is that the direct target is the user himself. Any email message Email that requires the user to provide personal information may be a spoofing attempt, especially if prompted for credentials. Remember, no trusted private or government agency requests personal information this way. Pay attention to the sender’s address to make sure it is legitimate.

However, the user will almost never know that he is a victim of IP or DNS spoofing, although the habit of paying close attention to details and changes in the usual behavior of the site can be extremely beneficial. If the site or its behavior raises the slightest doubt, it is better to refuse to perform the planned operation,