Spoofing

Messages on the internet get sent around in “packets”. Written on every packet is a source IP address and a destination IP address, kind of like how mail envelopes get sent around with a sender’s address and a receiver’s address written on them.

Mailmen have to pass a mail envelope around in the right direction until it reaches the receiver’s address. Similar to that, a packet has to get sent around by routers in the right direction until the packet arrives at the destination IP address.

Essentially, the internet is just one big global mailing system like a regular postal service.

But just like how you can send a mail envelope with a false sender’s address, you can send a packet out on the internet with a spoofed (false) source IP address.

Imagine a hacker whose IP address is 1.3.3.7. There’s this guy he wants to play a prank on whose IP address is 4.4.4.4. The hacker also happens to know that the guy likes going to Google and looking at cute cat pictures, and that one of google.com’s IP addresses is 8.8.8.0.

Well, the hacker decides to mess around with the guy by having Google send him pictures of bear cubs instead of cats. He makes a packet and marks the destination IP address as Google’s 8.8.8.0, but he marks the source IP address as the other guy’s 4.4.4.4. In the packet, he puts a request to Google for pictures of cute bear cubs.

He sends this packet off to the nearest router, and the packet eventually gets to Google at 8.8.8.0. Google looks at the packet and sees that it came from 4.4.4.4, and is asking for a bunch of pictures of cute bear cubs. Google sends a reply packet to 4.4.4.4 containing just that.

At the end of all this, the guy at 4.4.4.4 gets the packet full of bear cub pictures and sees that it came from 8.8.8.0, even though the hacker at 1.3.3.7 started this whole chain of events.

This is IP Address Spoofing. It’s a really old and really simple cyberattack that is still used today.

One caveat to my example: it works as described for protocols where one packet gets one reply, like UDP and ICMP. An actual web request to Google rides on a TCP connection, which has to be set up with a handshake first, and the handshake replies go to 4.4.4.4 rather than to the hacker, so he can’t finish it without also guessing sequence numbers. The principle is the same either way: whoever builds the packet writes its source address, and the reply goes wherever that address says.

It might seem very harmless in my example, but just imagine if, instead of sending Google a request for pictures of bear cubs, the hacker sent the other guy’s secretary an email that looked like it came from her boss, telling her to transfer a million dollars to the hacker’s bank account.

Keep in mind: Email Address Spoofing works on the same principle as IP Address Spoofing. The sender’s address on an email is just a field the sender fills in, and plain SMTP never checks it. Hackers can spoof both email addresses and IP addresses, and the secretary might even be security-conscious enough to look at both and see nothing amiss.

ʕ·ᴥ·ʔ: Sounds bad.

It is.

The good news is that protocols have been developed to counter Email Address Spoofing. The Sender Policy Framework (SPF); DomainKeys Identified Mail (DKIM); and Domain-based Message Authentication, Reporting, and Conformance (DMARC) have been gaining attention and adoption because of how effective they are at combating Email Address Spoofing, at least once the receiving side actually checks them. I’ll talk about all of them in a future article on email security.

The bad news is that IP Address Spoofing doesn’t have anything similarly effective to counter it. The closest thing is ingress filtering (BCP 38, RFC 2827): an internet service provider drops any packet coming out of a customer’s network whose source address doesn’t belong to that customer. That check only works at the edge right next to the sender, and only if that provider has bothered to deploy it. Once a spoofed packet gets past a provider that doesn’t filter, no router further along has any way to tell whether the source IP address written on it is real. The open and decentralized nature of the internet, with all the different routers owned and operated by all the different internet service providers, makes the internet so useful and so resilient, but also susceptible to basic false pretenses like this.
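To make the bear cub story and the filtering point concrete, here is an added example of my own (not code from the original post) in Python. It builds the hacker’s packet byte by byte the way RFC 791 lays out an IPv4 header, parses it back the way a router or 8.8.8.0 would, and then runs the one check that can catch it: a BCP 38 ingress filter at the hacker’s own ISP. The addresses are the ones from the story; the payload, the choice of UDP as the protocol, and the 1.3.3.0/24 block assigned to the hacker are assumptions made up for the example.

```python
import ipaddress
import struct

# Constructed sample payload for the example. A real web request would ride on
# TCP, which needs a handshake the spoofer can't complete, so this is sent as a
# single UDP datagram (IP protocol number 17).
BEAR_CUB_REQUEST = b"please send cute bear cub pictures"
UDP = 17

# Assumption for the example: the hacker's ISP assigned him the block 1.3.3.0/24.
HACKER_ISP_PREFIXES = ["1.3.3.0/24"]


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int,
                      proto: int = UDP, ttl: int = 64) -> bytes:
    """Build a minimal 20-byte IPv4 header (RFC 791).

    The source address is just the four bytes the sender chooses to write at
    offset 12; nothing in the header proves they belong to the sender.
    """
    version_ihl = (4 << 4) | 5               # IPv4, header length 5 words
    hdr = struct.pack(
        "!BBHHHBBH4s4s",
        version_ihl, 0, 20 + payload_len,    # version/IHL, DSCP/ECN, total length
        0x1337, 0,                           # identification, flags/fragment offset
        ttl, proto, 0,                       # TTL, protocol, checksum placeholder
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    # Checksum is computed over the header with the checksum field zeroed.
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    """Read the header the way a router or the destination host does."""
    fields = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (fields[0] & 0x0F) * 4
    return {
        "version": fields[0] >> 4,
        "total_len": fields[2],
        "ttl": fields[5],
        "proto": fields[6],
        # A valid header sums to zero once its own checksum field is included.
        "checksum_ok": checksum(packet[:ihl]) == 0,
        "src": str(ipaddress.IPv4Address(fields[8])),
        "dst": str(ipaddress.IPv4Address(fields[9])),
    }


def ingress_filter_forwards(packet: bytes, customer_prefixes) -> bool:
    """BCP 38 / RFC 2827 check at the ISP edge port facing the customer.

    The packet is forwarded only if its source address lies inside a prefix
    actually assigned to that customer. This is the one place on the path
    where the source address can be checked against something; further along,
    a spoofed packet is indistinguishable from an honest one.
    """
    src = ipaddress.IPv4Address(parse_ipv4_header(packet)["src"])
    return any(src in ipaddress.IPv4Network(p) for p in customer_prefixes)


def spoofed_packet() -> bytes:
    """The hacker's packet: destination Google, source forged as the victim."""
    return build_ipv4_header("4.4.4.4", "8.8.8.0", len(BEAR_CUB_REQUEST)) + BEAR_CUB_REQUEST


def honest_packet() -> bytes:
    """The same request with the hacker's real address as the source."""
    return build_ipv4_header("1.3.3.7", "8.8.8.0", len(BEAR_CUB_REQUEST)) + BEAR_CUB_REQUEST


if __name__ == "__main__":
    for name, pkt in (("spoofed", spoofed_packet()), ("honest", honest_packet())):
        seen = parse_ipv4_header(pkt)
        print(f"{name}: 8.8.8.0 sees src={seen['src']} checksum_ok={seen['checksum_ok']} "
              f"forwarded_by_hacker_isp={ingress_filter_forwards(pkt, HACKER_ISP_PREFIXES)}")
```

Note that the spoofed packet has a perfectly valid checksum: the checksum guards against accidental corruption in transit, not against a sender who lies, so Google has no way to reject it on that basis. Only the hacker’s own ISP, which knows that 4.4.4.4 is not in 1.3.3.0/24, is in a position to drop it.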

Maybe one day we’ll find a good way to beat IP Address Spoofing. But for now, it’s a problem we’ll just have to live with, and we’ll probably be living with it for a long time.

ʕ·ᴥ·ʔ: That’s too bad… Oh well! Let’s make ourselves feel better by looking at pictures of cute bear cubs!

Sure. Just as long as it ain’t on Google.