Attacks & Threats
IP Spoofing
Also known as: Source address spoofing
Definition
Forging the source IP address of network packets to impersonate another host, bypass filters, or amplify denial-of-service attacks.
Examples
- DNS or NTP amplification floods sent with the victim's IP as the source so reflectors respond to the victim.
- Bypassing an internal allowlist by sending requests with a trusted partner's source IP.
Related terms
DDoS Amplification
A DDoS technique that abuses UDP-based services to reflect responses many times larger than the spoofed request, allowing attackers with modest resources to generate massive flood volumes.
DNS Amplification Attack
A reflection DDoS attack that abuses open DNS resolvers by sending small queries with the victim's spoofed IP, causing resolvers to send large DNS responses to the victim.
NTP Amplification Attack
A reflection DDoS attack abusing the NTP MONLIST (and similar) commands to make NTP servers reply with very large packets to a spoofed victim address.
Smurf Attack
A legacy amplification DDoS that sends ICMP echo requests to a network's broadcast address with the victim's IP spoofed as the source, causing every host on that network to reply to the victim.
SYN Flood
A TCP-based denial-of-service attack that sends many SYN packets without completing the three-way handshake, exhausting the target's connection-state resources.
MAC Spoofing
Changing a network interface's hardware MAC address to impersonate another device, bypass MAC-based access controls, or evade tracking.