IP spoofing

Attack tree

1 Non-blind spoofing attack (OR)
    1.1 Gain local network access to a segment (AND)
    1.2 Sniff sequence numbers
2 Blind spoofing attack
    2.1 Calculate sequence numbers

Notes

In an IP spoofing attack, an external or internal adversary poses as a trusted device by using that device's address as the source of its own traffic. The address can be either an IP address within a range of trusted internal addresses for a network, or an authorised external address that is trusted and allowed access to specified network resources. A spoofed address might allow data to pass through a router interface that filters on that address.

  • IP address spoofing is used to mask botnet device locations in DDoS attacks and to stage DRDoS (distributed reflection denial-of-service) attacks.

  • IP spoofing can also be used to bypass IP address-based authentication.
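
The address-based filtering described in the notes can be made direction-aware, so that a source address is judged against the interface it arrived on. The sketch below is an added example, not part of the original page; the prefixes, the trusted external address and the interface names are constructed assumptions.

```python
import ipaddress

# Hypothetical site layout (constructed for this example).
INTERNAL_PREFIXES = [ipaddress.ip_network("10.20.0.0/16")]
TRUSTED_EXTERNAL = [ipaddress.ip_network("198.51.100.7/32")]

def _in_any(addr, nets):
    return any(addr in net for net in nets)

def check_source(interface, src):
    """Verdict for a packet's source address, given its arrival interface
    ("external" or "internal")."""
    addr = ipaddress.ip_address(src)
    # Sources that can never be valid from a remote sender.
    if addr.is_loopback or addr.is_multicast or addr.is_unspecified:
        return "drop: martian source"
    if interface == "external":
        # Internal addresses must not arrive from outside (ingress filtering).
        if _in_any(addr, INTERNAL_PREFIXES):
            return "drop: internal source on external interface"
        # The filter cannot tell a genuine trusted peer from a spoofed one:
        # the address matches, so authentication must not rest on it alone.
        if _in_any(addr, TRUSTED_EXTERNAL):
            return "accept: trusted external (address alone proves nothing)"
        return "accept"
    # Internal hosts must only send from internal prefixes (egress filtering).
    if not _in_any(addr, INTERNAL_PREFIXES):
        return "drop: foreign source on internal interface"
    return "accept"

# Constructed sample packets: (arrival interface, claimed source address).
SAMPLE = [
    ("external", "10.20.5.9"),
    ("external", "198.51.100.7"),
    ("external", "203.0.113.50"),
    ("internal", "10.20.5.9"),
    ("internal", "203.0.113.50"),
    ("external", "127.0.0.1"),
]

def audit(packets):
    return [(iface, src, check_source(iface, src)) for iface, src in packets]

if __name__ == "__main__":
    for iface, src, verdict in audit(SAMPLE):
        print(f"{iface:8} {src:15} {verdict}")
```

The second sample row is the case the filter cannot resolve: a packet claiming an authorised external address passes, which is why address-based authentication needs a cryptographic check behind it.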