IP Spoofing and Packet Sniffing

IP spoofing and packet sniffing are common techniques for attacking and exploiting networks.

In IP spoofing, a malicious actor transmits IP packets with a forged (spoofed) source address so that they appear to originate from a legitimate source. This technique is often used in denial-of-service attacks, which flood networks so that legitimate traffic cannot reach its destination.
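As an added example (not part of the original lesson), this Python sketch shows the defensive counterpart to spoofing: validating the source address of each packet against the interface it arrived on. The internal prefixes, interface labels and sample packets are constructed assumptions.

```python
import ipaddress

# Assumed site prefixes (constructed for this example).
INTERNAL_NETS = [
    ipaddress.ip_network("10.20.0.0/16"),
    ipaddress.ip_network("172.16.5.0/24"),
]


def classify_source(src, ingress_iface):
    """Return why src is implausible on ingress_iface, or None if it is plausible."""
    addr = ipaddress.ip_address(src)
    # Addresses that can never legitimately appear as a unicast sender.
    if addr.is_loopback or addr.is_multicast or addr.is_unspecified or addr.is_reserved:
        return "source can never be a valid sender"
    internal = any(addr in net for net in INTERNAL_NETS)
    if ingress_iface == "external":
        # Ingress filtering: our own prefixes must not arrive from outside.
        if internal:
            return "internal source arriving from outside"
        if addr.is_private or addr.is_link_local:
            return "non-routable source arriving from outside"
    elif ingress_iface == "internal" and not internal:
        # Egress filtering: hosts inside may only send from our prefixes.
        return "foreign source leaving the internal network"
    return None


def audit(packets):
    """Return (iface, src, reason) for every packet that fails validation."""
    flagged = []
    for iface, src in packets:
        reason = classify_source(src, iface)
        if reason is not None:
            flagged.append((iface, src, reason))
    return flagged


# Constructed sample: (ingress interface, claimed source address).
SAMPLE_PACKETS = [
    ("external", "8.8.8.8"), ("external", "10.20.4.7"),
    ("external", "192.168.1.5"), ("external", "127.0.0.1"),
    ("internal", "10.20.4.7"), ("internal", "8.8.8.8"),
]

if __name__ == "__main__":
    for iface, src, reason in audit(SAMPLE_PACKETS):
        print(f"DROP {src} on {iface}: {reason}")
```

The same rule applied in both directions is what keeps a network from receiving packets that claim to be its own hosts and from emitting packets that claim to be someone else's.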

Packet sniffing captures the information carried in network packets. This technique is commonly used to steal credentials (e.g., user IDs, passwords, credit card numbers). Attackers can lie dormant in a network while they collect data, which makes them difficult to detect.

Check Your Knowledge

Choose the best answer to each question:

Question 1
Which of the following captures packets that travel the network and is used to capture users' passwords?
DDoS attack
spoofing
sniffers
MitM attack

Question 2
One of the most common ways sniffers collect information is through ________.
phishing/social engineering
the physical attachment of the sniffer to a network device
the installation of the sniffer software on a local machine
the sniffer website

Question 3
Which of the following is true of an IP spoofing attack?
It convinces a system or user that the system or user is communicating with a trusted source.
It modifies the source addresses of trusted sources.
It can be used in a Smurf attack.
all of the above

Question 4
Which of the following is affected by a DDoS (distributed denial-of-service) attack?
confidentiality
integrity
nonrepudiation
availability

Question 5
The difference between a DoS attack and a DDoS attack is which of the following?
DoS attacks can affect all parts of the CIA triad, whereas DDoS attacks affect only one part.
DoS attacks affect many nodes, whereas DDoS attacks affect only a few.
A DDoS attack can be a one-to-many attack, whereas DoS attacks can be only one-to-one.
DDoS cannot be detected by a network-based IDS, but DoS can be.