Spoofing Attack
Understanding the Mechanics of Spoofing Attacks: IP Address, DNS, and ARP Spoofing
Mitigate Spoofing Attacks TodayTable of Contents
What is a spoofing attack?
In a spoofing attack, a malicious party or program impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware, or bypass access controls. Spoofing is often the way a bad actor gains access in order to execute a larger cyberattack such as an advanced persistent threat or a man-in-the-middle attack.
- IP address spoofing (or IP spoofing): The creation of IP packets with a false source IP address for the purpose of impersonating another computer system and gaining unauthorized access to machines.
- DNS spoofing (aka DNS cache poisoning): A form of computer security hacking in which corrupt Domain Name System data is introduced into the DNS resolver's cache, causing the name server to return an incorrect result record, e.g. an IP address.
- ARP spoofing: Spoofed Address Resolution Protocol (ARP) addresses are sent onto a LAN in order to associate the attacker's MAC address with the IP address of another host, causing any traffic meant for that IP address to be sent to the attacker instead.