Spoofing

An attacker pretends to be a different user of system to gain access to a service.

IP spoofing - attacker uses someone elses IP address to acquire information or gain access.
- Basic Address Change - change a machine's IP address in the network configuration (via Networks in Windows; via ifconfig in UNIX)
- Source Routing - Use source routing to intercept packets
- Trust relationships on UNIX (using either .rhosts or /etc/hosts.equiv files
Email spoofing - spoofing the email address
- Using similar e-mail address
- Modify a mail client
- Telnet to port 25
Web spoofing
- registering a similar domain name
- link to a "fake" site
- "Man-in-the-Middle" attack
- URL rewriting - ex. anonymizer.com
Non-technical spoofing
- social engineering techniques
- Reverse social engineering