.: Assalamualaikum....Selamat Datang :. Firdaus@NetSec: Spoofing

Monday, February 7, 2011

Spoofing

  • is a common phishing tactic.
  • is the creation of TCP/IP packets using somebody else's IP address. Routers use the "destination IP" address in order to forward packets through the Internet, but ignore the "source IP" address.
EXAMPLES OF SPOOFING
  1. Caller ID spoofing
  2. Email spoofing
  3. Man-in-the-middle
  4. Routing redirect 
  5. Source routing
  6. Blind spoofing
  7. Flooding
1.  CALLER ID SPOOFING 
  • the act of using a spoof card or other tool to call someone's phone under a false name.
2. EMAIL SPOOFING 
  • a technique used by hackers to fraudulently send email messages in which the sender address and other parts of the email header are altered to appear as though the email originated from a source other than its actual source.
  • Example :-
  1. E-mail "from" the American Red Cross following the September 11 disaster sent recipients to fake Web sites where people used credit cards to make "donations".
  2. Messages appearing to come from companies such as Warner Bros and Computerworld included links to porn sites.
  3. A recent virus program sent e-mail that appeared to come from Microsoft, and even used the company logo and other graphics. Links in the e-mail went to the actual Microsoft site; however, the message urged you to install a Microsoft security update which was included as an attachment. Of course the attachment was really a virus.
     
WHO IS SPOOFING?
  • Spam
  • Viruses
  • Fraud
  • Trouble Maker
FIRST STEP IN SPOOFING
  • Determining the IP address of a host the intended target trusts.
  • The attacker can change the headers of packets to make it seem like the transmissions are originating from the trusted machine.
PREVENTION OF CALLER ID SPOOFING
  • block spoofing calls
  • password protect your voicemail
  • avoid revealing sensitive information, such as your credit card or bank account number, via phone

PREVENTION OF EMAIL SPOOFING
  • Safeguard your email address and avoid disclosing it.
  • Distinguish real emails from spoofed ones.
  • Examine the email's language, tone and appearance, and note if it is different than usual.
  • Do not disclose personal information.
  • Report suspicious emails to the company being spoofed. 
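
One way to "distinguish real emails from spoofed ones" is to compare the headers that a forged message tends to leave inconsistent. The following is an added example, not part of the original post: the sample messages are constructed, the example.* domains are placeholders, and it assumes the receiving mail server adds an Authentication-Results header.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); example.* domains are placeholders.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "Security Team" <security@example.com>
Reply-To: helpdesk@example.net
Subject: Install the attached security update

Please install the attached update.
"""

GENUINE = """\
Return-Path: <news@example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com
From: "Newsletter" <news@example.com>
Subject: Monthly newsletter

Hello.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoofing_indicators(raw_message):
    """List the header inconsistencies that suggest a forged sender."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    findings = []
    if not from_dom:
        findings.append("missing or unparsable From address")
    # The visible From should agree with the envelope sender and the reply address.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and from_dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Stamped by the receiving server; only trust the copy your own server added.
    results = " ".join(msg.get_all("Authentication-Results") or []).lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in results:
            findings.append(f"{check} check failed")
    return findings

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, spoofing_indicators(raw))
```

Legitimate bulk mail often uses a different Return-Path domain, so treat each finding as a reason to look closer, not as proof of forgery.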
The other types of attack are explained in detail by Faiz...
Please see KaSipeCaH