1

My question can be broken into two parts:

  1. ARP spoofing attacks can appear in various ways, but all of them have a similar goal: take advantage of the lack of L2 authentication by poisoning the target's ARP cache with the attacker's MAC address. Since this process also requires spoofing the IP address of the target host, what is the difference between saying IP spoofing and ARP spoofing? Are they really a complement to each other in this case?
  2. Source Address Validation (SAVI) has already been standardized by the IETF to help prevent IP spoofing. This standard itself is very complicated and I really don't get the idea of this technique. Can someone please briefly explain how SAVI helps to prevent IP spoofing?
Mike
  • These are unrelated questions. I'd move the 2nd to another question – schroeder Feb 14 '17 at 22:20
  • ARP spoofing can't be done on a separate network. – schroeder Feb 14 '17 at 22:24
  • @schroeder true, but you still need to spoof IP address in that network, right? – Mike Feb 14 '17 at 22:35
  • For the record, RFC6959 is an informational RFC, not a standards RFC. In no way has SAVI been standardized by the IETF nor by the IEEE. This RFC simply provides information/examples of how IP spoofing can be used in attacks, solutions used to help prevent IP spoofing, and some discussion/analysis of the current (at the time) situation. – YLearn Nov 09 '17 at 04:01

2 Answers

3

IP spoofing is filling in the IP address field on a packet with an address that isn't the sender's IP address. This means you can't receive responses to that packet, so it isn't particularly useful, but it can be used as part of an exploit in order to make it harder to trace, or to make it look like the packet came from another source in order to bypass IP-based authentication measures (obviously only if the exploit doesn't require a response from the server). Another use is when carrying out DDoS attacks - here you don't care where the response is sent as long as the server handles the request.

An ARP spoofing attack involves transmitting faked ARP packets. The Address Resolution Protocol is used for translating network addresses (IP addresses) into link layer addresses (MAC addresses).

What normally happens is, a computer sends out an ARP request to every device on the network, asking for the MAC address corresponding to a given IP. The device that currently has that IP address then sends an ARP response back to the computer that originally made that request, containing its MAC address.

In an ARP spoofing attack, you send a fake ARP response with your MAC address, before the intended recipient can respond. Now the computer that made the request thinks that that IP address belongs to you, and it will send all traffic that was intended for that recipient on to you instead.

You can then forward the traffic back on to the original recipient - you don't have to do this, but it allows you to intercept the connection without either device being aware. If the device that you have ARP hijacked is the gateway, you can now intercept (and tamper with) all internet traffic on the network (provided it isn't encrypted).

kaplangoz
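A defender-side illustration of the answer above, added here and not part of the original post: the IP an ARP message claims is a field in the ARP payload rather than an IP header source address, and a monitor can flag a reply that rebinds a known IP to a different MAC. The function names, the MAC/IP values and the trust-first-seen policy are assumptions, and the frames are constructed sample data.

```python
import struct

ARP_ETHERTYPE, IPV4_PTYPE = 0x0806, 0x0800

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)
def _ip(b):
    return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (eth_src, opcode, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, IPV4_PTYPE, 6, 4):
        return None
    # sender_ip is an ARP payload field; ARP rides on Ethernet with no IP header.
    return _mac(frame[6:12]), oper, _mac(frame[22:28]), _ip(frame[28:32])

def watch(frames):
    """Learn IP->MAC bindings from ARP traffic and return alerts for conflicts."""
    bindings, alerts = {}, []
    for n, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        eth_src, _oper, sender_mac, sender_ip = parsed
        if eth_src != sender_mac:  # frame source disagrees with ARP payload
            alerts.append((n, "src-mismatch", sender_ip, sender_mac))
        # Assumption: first binding seen is trusted; legitimate changes also alert.
        known = bindings.setdefault(sender_ip, sender_mac)
        if known != sender_mac:
            alerts.append((n, "binding-changed", sender_ip, f"{known} -> {sender_mac}"))
    return alerts

def build(eth_src, oper, sender_mac, sender_ip, target_mac, target_ip):
    """Constructed sample frame for exercising watch(); nothing is transmitted."""
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    a = lambda i: bytes(int(x) for x in i.split("."))
    hdr = struct.pack("!HHHBBH", ARP_ETHERTYPE, 1, IPV4_PTYPE, 6, 4, oper)
    return (b"\xff" * 6 + h(eth_src) + hdr + h(sender_mac) + a(sender_ip)
            + h(target_mac) + a(target_ip))

GW, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"
SAMPLE = [  # constructed traffic: request, genuine reply, conflicting reply
    build(HOST, 1, HOST, "192.168.1.10", "00:00:00:00:00:00", "192.168.1.1"),
    build(GW, 2, GW, "192.168.1.1", HOST, "192.168.1.10"),
    build(OTHER, 2, OTHER, "192.168.1.1", HOST, "192.168.1.10"),
]
```

Calling `watch(SAMPLE)` reports only the third frame, where 192.168.1.1 is claimed by a second MAC address.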
-2

IP spoofing:

IP spoofing is a technique where the attacker creates an IP that has a fake or bogus source IP address in its header. The IP is spoofed with fake information to either hide the sender’s identity or help him launch sneaky attacks like DDoS. -- source

ARP spoofing:

ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network. Once the attacker’s MAC address is connected to an authentic IP address, the attacker will begin receiving any data that is intended for that IP address. ARP spoofing can enable malicious parties to intercept, modify or even stop data in-transit. ARP spoofing attacks can only occur on local area networks that utilize the Address Resolution Protocol. -- source

WhiteWinterWolf
Jack
  • Welcome to Security.SE. Everyone has more or less abilities with Google. Prefer to write original answers or, when quoting, add some supplementary information to not reduce your answers to simple copy-paste from Google results. – WhiteWinterWolf Nov 08 '17 at 12:02
  • You have answered the title question but not the context of the body of the post. – schroeder Nov 08 '17 at 17:27