Sniffing and Spoofing are security threats that target the
lower layers of the networking infrastructure supporting
applications that use the Internet. Users do not interact
directly with these lower layers and are typically
completely unaware that they exist. Without a deliberate
consideration of these threats, it is impossible to
build effective security into the higher levels.
If the network packets are not encrypted, the data within the network packet can be read using a sniffer.
Sniffing data from the network leads to loss of privacy of several kinds of information that
should be private for a computer network to be secure. These kinds of information include the
- Financial account numbers
- Private data
- Low-level protocol information
Packet sniffing captures network traffic at the Ethernet frame level. Such a network attack starts with a tool such as Wireshark. Wireshark allows you to capture and examine data that is flowing across your network. Any data that is not encrypted is readable, and unfortunately, many types of traffic on your network are passed as unencrypted data — even passwords and other sensitive data. We will discuss about wireshark in the other posts.
Spoofing is an active security attack which involves masking the IP address of a certain computer system. By hiding or faking a computer's IP address, it is difficult for other systems to determine where the computer is transmitting data from. Because IP spoofing makes it difficult to track the source of a transmission, it is often used in denial-of-service attacks that overload a server. This may cause the server to either crash or become unresponsive to legitimate requests. Fortunately, software security systems have been developed that can identify denial-of-service attacks and block their transmissions.
IP spoofing-based DoS attacks are relatively straightforward. An attacker sends a packet to the target host with a forged IP address (SYN). The targeted host sends an acknowledgement (ACK) and waits for a response. The response never comes, and these unanswered queries remain in the buffer of the targeted device. If enough spoofed queries are sent, the buffer will overflow and the network device will become unstable and crash.
Phone number spoofing
Anyone can fake the number or area code of from where they are calling. This type of spoofing is done by telemarkers to hide their true identity and by hackers to gain access to unprotected phone voicemail messages.