  • Level: GCSE
  • Subject: ICT
  • Word count: 7991

What is Spoofing?

Extracts from this document...

Introduction

Shumaila Aslam
Information Security
BSc Combined Honours Computer Science

Spoofing

Spoofing: E-mail, server..... How it is done, how it is detected, how to defend against it.

What is Spoofing?

Definition

spoof (DECEIVE) verb [I or T] US INFORMAL
to try to make someone believe in something that is not true, as a joke
(from Cambridge Advanced Learner's Dictionary)

Web spoofing is the act of secretly tricking your Web browser into talking to a different Web server than you intend. How? By attacking the DNS (domain name system) that maps the "www.site.com" in a URL to a network address, or by modifying a Web page to have a bad URL, or by tricking your browser as it interprets CGI data, JavaScript, etc.

After your browser has been fooled, the spoofed Web server can send you fake Web pages or prompt you to provide personal information such as your login ID, password, or even credit card or bank account numbers. If done carefully, you probably will not even notice that you have been duped.

How to Spot a Spoofed Page

Some Web spoofing may be noticeable, so it is helpful to keep these tips in mind:

* If you hold your mouse over a URL that is a link, the status line displays the corresponding URL. Be suspicious if the status line URL is different from what you think you should see.
* When the Web page is being requested, the status line will show the name of the server. Beware if the server name is different from what you expected.
* Your browser's location line is the place to watch for anything unusual about a site's URL.

Unfortunately, clues to a Web spoofing attack can be hidden if the attacker is using JavaScript (which can write to the status line and rewrite location line URLs) or a similar program that makes all requests for a particular URL go to the attacker's system.

Middle

Acknowledgments

The URL-rewriting part of our demonstration program is based on Henry Minsky's code for the Zippy filter. We are grateful to David Hopwood for useful discussions about spoofing attacks, and to Gary McGraw and Laura Felten for comments on drafts of this paper. The figure was designed by Gary McGraw.

For More Information

More information is available from our Web page at http://www.cs.princeton.edu/sip, or from Prof. Edward Felten at felten@cs.princeton.edu or (609) 258-5906.

webhead Inside the Internet.

E-Mail Impersonators

How to identify "spoofed" e-mail.
By Bill Barnes
Posted Tuesday, March 12, 2002, at 4:46 PM PT

Editor's note: To read the complete explanation of how Slate was duped by an e-mail spoofer, see this "Press Box" column.

After my wife cast her ballot on the morning of Election Day 1996, she arrived at work to find an e-mail from none other than the president of the United States (president@whitehouse.gov). He thanked her for her vote and promised to address her hot-button issues of education and women's rights. She was a little disturbed, but as it turned out the sanctity of her secret ballot hadn't been compromised. Someone (her husband) had merely sent her a spoofed e-mail.

E-mail is considered "spoofed" when the e-mail address in the "From" field is not that of the sender.

Conclusion

they will remain so.

The best way forwards

A change is needed to move from relying on networking systems that don't solve the problem to content management - signing and protecting the actual information itself and not just the unproven link(s) it is traveling over. That prevents all the typical network IP attacks from having any effect, and provides genuine control over the information itself.

A change to securing content, rather than links, offers the e-business community significant benefits. For e-business, there is an imperative for the honest trader to identify themselves by clearly identifying their content. (How you link to them is then, actually irrelevant.) That way all their users can verify any content reaching them, and rely upon what that content is, regardless of how it got to them. The same would go for instructions to computer systems, services and networks.

By switching to that approach, the business community can achieve major trading benefits: certainty that the quality of their information can be proven; certainty of secure trade for them and their customers; certainty of privacy for them and their customers; certainty that payment details cannot be misused. Conversely, traders not following such an approach identify themselves as leaving their customers open to fraud, misrepresentation, uncertainty and lack of confidence.

Right now schemes to separate the good from the bad have little effect. ArticSoft have provided some novel steps in the direction of proof by content rather than proof by network connection. For Internet technologies this is a more pragmatic way to proceed because content may reside anywhere on the Internet. It also allows for protecting information that is confidential by much simpler methods than are offered by network based solutions.

Such a change faces significant opposition, not least from the network providers, network analysts and managers, who risk being relegated to a lower status (and relative income) as a result. In practice, with the tools available, they have done the best job that could be done. Unfortunately, scripting attacks and cook book hacking methods are making those methods more vulnerable, and a change in approach is needed moving forwards.

This student written piece of work is one of many that can be found in our GCSE Communications section.
