0

The way I understand it is that if someone wants to pretend to be John Doe by using his IP address to conduct nefarious things on the internet, it would not be possible because

  1. traffic would only be one way
  2. the ISP would immediately detect it and flag it, and
  3. the Wifi router would immediately reject the incoming traffic

Is this correct?

schroeder
Jay

2 Answers

1

Your points are true in certain situations, but not all.

  1. traffic would only be one way

For TCP, the handshake would not complete, so there would be one packet, not all traffic. UDP has a similar problem. The sender would be sending blind traffic, but all of it disconnected and no coherent response from the receiver. That's going to severely limit what "nefarious things" can be done. Mostly, it leaves only network-level nefariousness, like DDoS, flooding, etc.

  1. the ISP/local router would immediately detect it and flag it

It would depend on what monitoring is in place and what IP was being spoofed. There are ways to detect that an IP is coming from a strange network or interface. If that is turned on, then certain IPs would be detected. The common cases are if an IP associated with one network interface enters from another, or if private network IPs are coming in from the public network interfaces.

schroeder
0

That is not exactly it, but it is a bit similar.

Simply put, IP spoofing consists of forging specific network packets to impersonate a legitimate person or a system using this IP. While some use cases of this attack aim at gaining access to a network segment (bypassing authentication), others will target DDoS or botnets to disguise the source of the traffic related to an attack.

In other words, the objective of a threat actor is to tamper with the header of the packet, which would be done by modifying the IP source address. On the receiving end, the packet looks like it is from a trusted source so, most of the time, it will accept the communication if there is no robust verification or monitoring set up.

While it is quite difficult to detect, many strategies can be implemented to minimize the risk of this attack, such as deploying packet filtering which will inspect the headers and drop conflicting data. Another obvious measure would be to make sure the communications between the systems are encrypted with robust protocols, so that the probability of data tampering in transit is decreased.

raDiaSmO
  • I understand that, but I'm talking about what safeguards are used to prevent Person A from pretending to be Person B to conduct a nefarious act using Person B's IP address. Does the internet router have a safeguard that helps prevent something like this from happening? I think IP Hijacking would be the proper phrase for this? – Jay Dec 22 '21 at 06:20
  • @Jay you need to separate "impersonation" from "IP spoofing". You can't "impersonate" someone by using their IP. It's the difference between changing microwave settings and making a delicious meal. They might have some relation as microwave settings can have an effect but you can't equate the two. – schroeder Dec 22 '21 at 08:38
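
The two source-address checks mentioned in the first answer (an address arriving on the wrong interface, private addresses arriving from the public side) and the header-inspecting packet filter mentioned in the second can be sketched as follows. This is an added example, not code from either answer; the interface names, prefixes and sample packets are constructed assumptions.

```python
import ipaddress

# Constructed topology (assumption): interface name -> prefixes that
# legitimately live behind it. "wan0" is the public-facing interface.
INTERFACE_PREFIXES = {
    "lan0": [ipaddress.ip_network("192.168.1.0/24")],
    "dmz0": [ipaddress.ip_network("203.0.113.0/28")],
}
PUBLIC_INTERFACE = "wan0"

# Sources that should never arrive from the public side
# (RFC 1918 private ranges, loopback, link-local).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

def check_source(in_iface, src):
    """Return (verdict, reason) for a packet claiming source `src` on `in_iface`."""
    addr = ipaddress.ip_address(src)
    if in_iface == PUBLIC_INTERFACE:
        # Case 1: private or non-routable source entering from the public side.
        if any(addr in net for net in NON_ROUTABLE):
            return "drop", "private/non-routable source on public interface"
        # Case 2: an address owned by an internal interface entering from outside.
        for iface, nets in INTERFACE_PREFIXES.items():
            if any(addr in net for net in nets):
                return "drop", f"source belongs behind {iface}, arrived on {in_iface}"
        return "accept", "plausible external source"
    # Internal interface: the source must fall inside that interface's prefixes,
    # which is what stops a local host from claiming someone else's address.
    nets = INTERFACE_PREFIXES.get(in_iface)
    if nets is None:
        return "drop", "unknown interface"
    if any(addr in net for net in nets):
        return "accept", "source matches interface"
    return "drop", f"source not assigned to {in_iface}"

# Constructed sample packets: (ingress interface, claimed source address).
SAMPLES = [("wan0", "198.51.100.7"), ("wan0", "192.168.1.20"),
           ("wan0", "203.0.113.5"), ("lan0", "192.168.1.20"),
           ("lan0", "198.51.100.7")]

if __name__ == "__main__":
    for iface, src in SAMPLES:
        print(iface, src, *check_source(iface, src))
```

The last sample is the case the question asks about: a host behind `lan0` claiming an address that is not assigned there is dropped at its own router before the packet leaves the network.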