IP Spoofing
What is IP Spoofing?
IP SpoofingForging the source IP address of network packets to impersonate another host, bypass filters, or amplify denial-of-service attacks.
IP spoofing modifies the source address field in an IP header so packets appear to originate from a different machine. Attackers use it to evade ACLs that trust specific addresses, complete blind TCP attacks, hide the true origin of probes, or launch reflection and amplification floods that drown victims in responses from unwitting third parties. Effective mitigation depends largely on the network operators who could deny egress of forged packets: BCP 38/SAVI ingress filtering, uRPF on routers, anti-spoofing rules at the edge, and authenticated transport protocols (TLS, IPsec) that defeat the impersonation downstream.
● Examples
- 01
DNS or NTP amplification floods sent with the victim's IP as the source so reflectors respond to the victim.
- 02
Bypassing an internal allowlist by sending requests with a trusted partner's source IP.
● Frequently asked questions
What is IP Spoofing?
Forging the source IP address of network packets to impersonate another host, bypass filters, or amplify denial-of-service attacks. It belongs to the Attacks & Threats category of cybersecurity.
What does IP Spoofing mean?
Forging the source IP address of network packets to impersonate another host, bypass filters, or amplify denial-of-service attacks.
How do you defend against IP Spoofing?
Defences for IP Spoofing typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for IP Spoofing?
Common alternative names include: Source address spoofing.