  • Level: GCSE
  • Subject: ICT
  • Word count: 7991

What is Spoofing?

Extracts from this document...

Introduction

Shumaila Aslam
Information Security
BSc Combined Honours Computer Science

Spoofing

Spoofing: E-mail, server..... How it is done, how it is detected, how to defend against it.

What is Spoofing?

Definition

spoof (DECEIVE) verb [I or T] US INFORMAL
to try to make someone believe in something that is not true, as a joke
(from Cambridge Advanced Learner's Dictionary)

Web spoofing is the act of secretly tricking your Web browser into talking to a different Web server than you intend. How? By attacking the DNS (domain name system) that maps the "www.site.com" in a URL to a network address, or by modifying a Web page to have a bad URL, or by tricking your browser as it interprets CGI data, JavaScript, etc.

After your browser has been fooled, the spoofed Web server can send you fake Web pages or prompt you to provide personal information such as your login ID, password, or even credit card or bank account numbers. If done carefully, you probably will not even notice that you have been duped.

How to Spot a Spoofed Page

Some Web spoofing may be noticeable, so it is helpful to keep these tips in mind:

* If you hold your mouse over a URL that is a link, the status line displays the corresponding URL. Be suspicious if the status line URL is different from what you think you should see.
* When the Web page is being requested, the status line will show the name of the server. Beware if the server name is different from what you expected.
* Your browser's location line is the place to watch for anything unusual about a site's URL.

Unfortunately, clues to a Web spoofing attack can be hidden if the attacker is using JavaScript (which can write to the status line and rewrite location line URLs) or a similar program that makes all requests for a particular URL go to the attacker's system.

Middle

Acknowledgments

The URL-rewriting part of our demonstration program is based on Henry Minsky's code for the Zippy filter. We are grateful to David Hopwood for useful discussions about spoofing attacks, and to Gary McGraw and Laura Felten for comments on drafts of this paper. The figure was designed by Gary McGraw.

For More Information

More information is available from our Web page at http://www.cs.princeton.edu/sip, or from Prof. Edward Felten at felten@cs.princeton.edu or (609) 258-5906.

webhead: Inside the Internet.

E-Mail Impersonators
How to identify "spoofed" e-mail.
By Bill Barnes
Posted Tuesday, March 12, 2002, at 4:46 PM PT

Editor's note: To read the complete explanation of how Slate was duped by an e-mail spoofer, see this "Press Box" column.

After my wife cast her ballot on the morning of Election Day 1996, she arrived at work to find an e-mail from none other than the president of the United States (president@whitehouse.gov). He thanked her for her vote and promised to address her hot-button issues of education and women's rights. She was a little disturbed, but as it turned out the sanctity of her secret ballot hadn't been compromised. Someone (her husband) had merely sent her a spoofed e-mail.

E-mail is considered "spoofed" when the e-mail address in the "From" field is not that of the sender.

Conclusion

they will remain so.

The best way forwards

A change is needed to move from relying on networking systems that don't solve the problem to content management - signing and protecting the actual information itself and not just the unproven link(s) it is traveling over. That prevents all the typical network IP attacks from having any effect, and provides genuine control over the information itself.

A change to securing content, rather than links, offers the e-business community significant benefits. For e-business, there is an imperative for the honest trader to identify themselves by clearly identifying their content. (How you link to them is then actually irrelevant.) That way all their users can verify any content reaching them, and rely upon what that content is, regardless of how it got to them. The same would go for instructions to computer systems, services and networks.

By switching to that approach, the business community can achieve major trading benefits: certainty that the quality of their information can be proven; certainty of secure trade for them and their customers; certainty of privacy for them and their customers; certainty that payment details cannot be misused. Conversely, traders not following such an approach identify themselves as leaving their customers open to fraud, misrepresentation, uncertainty and lack of confidence. Right now schemes to separate the good from the bad have little effect.

ArticSoft have provided some novel steps in the direction of proof by content rather than proof by network connection. For Internet technologies this is a more pragmatic way to proceed because content may reside anywhere on the Internet. It also allows for protecting information that is confidential by much simpler methods than are offered by network-based solutions.

Such a change faces significant opposition, not least from the network providers, network analysts and managers, who risk being relegated to a lower status (and relative income) as a result. In practice, with the tools available, they have done the best job that could be done. Unfortunately, scripting attacks and cookbook hacking methods are making those methods more vulnerable, and a change in approach is needed moving forwards.
