Spoofing is the art of acting to be something other than what you are. Spoofing attacks consist of substituting the valid source and/or destination IP address and node numbers with fake ones. Spoofing is included in most attacks because it gives attackers the ability to cover their identity through misdirection.
Spoofing is used when an attacker uses a stolen username and password to obtain entry, when an attacker changes the source address of a malicious packet, or when an attacker assumes the identity of a user to fool a server into transmitting controlled data.
Two specific kinds of spoofing attacks are impersonation and masquerading. Ultimately, these attacks are the same: someone is able to obtain access to a secured system by acting to be someone else. These attacks usually result in an unauthorized person getting access to a system through a valid user account that has been hacked.
Impersonation is considered a more active attack because it requires the capture of authentication traffic and the replay of that traffic in such a way as to gain access to the system. Masquerading is considered a more passive attack because the attacker uses previously hacked account credentials to log on to a secured system.
Countermeasures to spoofing attacks involve patching the operating system and software, allowing source/ destination verification on routers, and employing an IDS (intrusion detection system) to identify and block attacks.
