IP Spoofing is the DoS attacker’s tactic

 Posted by at 9:54 pm  IDS & IPS, Security  Comments Off on IP Spoofing is the DoS attacker’s tactic
Aug 152009
 

IP Spoofing is the act of modifying the source IP address of an IP packet. Each IP packet contains a header within which ther exists a source and destintion IP address. Spoofing is the act of changing the source IP address of an IP packet, without regard to the validity of that address. Source IP address validity is immaterial in a DoS attack, because the intent is to overwhelm the target site or server.

Some backround is essential–Based on the OSI reference model, the Internet Protocol (IP) is a layer 3 protocol and as such is connectionless, meaning there is neither transaction state information in the IP packet (aka datagram) header, nor a method to insure packet delivery to the proper destination. Digressing for a moment on packets versus datagrams, the term packet refers to a “reliable” service whereas datagrams refer to an “unreliable” service. IP datagrams are unreliable because they do not convey delivery failure information to the receiver, TCP packets on the other hand is a layer 4 protocol, and is connection-oriented and does convey delivery information to the receiver.

references:

IP Spoofing: An Introduction, http://www.securityfocus.com/infocus/1674

Wikipedia on Packets versus Datagrams, http://en.wikipedia.org/wiki/Packet_(information_technology)