IP Spoofing: What It Is and How to Protect Yourself Against It

Here's how to protect against IP spoofing attacks


Internet Protocol (IP) spoofing involves hackers tricking computer systems into accepting data, either to impersonate another computer system or to hide their own identity. IP spoofing is usually associated with cyberattacks such as Distributed Denial of Service (DDoS) attacks.

The intended victims of cyberattacks using IP spoofing are typically computers and organizations, rather than individual people or customers.

What Is IP Spoofing?

Before we get into what IP spoofing is and how it works, we need to nail down the meaning of something known as a "network packet." A network packet (or packet for short) is basically a unit of data used to transmit information between users and recipients on the internet.

According to TechTarget, when it comes to IP spoofing, these packets are transmitted by hackers to their intended recipients with IP addresses different from the hackers' actual IP addresses. Essentially, the hackers launch cyberattacks with these packets, then hide the source of the packets by altering the listed source IP address to show (and impersonate) the IP address of another computer system.

And since the spoofed IP address makes it look like the packets are coming from trustworthy sources, the computers receiving the packets will still accept them.

In certain cyberattacks (like DDoS attacks), getting the packets accepted is actually the whole point. If the computers on the receiving end keep accepting the packets because the spoofed IP address looks legitimate, hackers can send large volumes of them to an organization's servers, and those servers can become so overwhelmed with packets that they stop working.

Different Kinds of Attacks in Which IP Spoofing Is Used

Now that you have some idea of how IP spoofing works, let's take a closer look at how it's used in two common cyberattacks.

Man-in-the-Middle Attacks

Man-in-the-Middle (MITM) cyberattacks are basically what they sound like: A cyberattack in which the person being targeted by hackers attempts to communicate with an online presence (like a website) and the hacker (the man in the middle) grabs the victim's personal information without the victim realizing it.

Man-in-the-Middle attacks are actually pretty similar to pharming, which is a phishing scam involving the use of fake websites and sometimes malware to steal personal information.

And according to antivirus software brand Norton by Symantec, when IP spoofing gets involved with MITM attacks, it results in hackers deceiving people "into thinking you’re interacting with a website or someone you’re not, perhaps giving the attacker access to the information you’d otherwise not share."

Distributed Denial of Service Attacks

DDoS attacks are probably the kind of cyberattack most associated with IP spoofing, and for good reason. In DDoS attacks, hackers use IP spoofing to trick the computers on the receiving end of their packets into accepting them.

In DDoS attacks, though, hackers send lots of packets, usually enough to overwhelm the servers of these organizations to the point that the servers become unusable by, for example, a company's staff or their customers.

How to Protect Yourself Against IP Spoofing Attacks

For the most part, when it comes to IP spoofing (and by extension DDoS attacks), there is little individual users can do to protect against it, as guarding against IP spoofing and DDoS attacks is usually handled by the organizations that could be victims of this type of spoofing attack.
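One check organizations commonly apply at the network edge is source-address filtering: comparing the source address a packet claims with the interface it arrived on. The sketch below is an added example, not part of the original article; the internal prefix 203.0.113.0/24, the interface names "external" and "internal", and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

# Assumed edge-router view: our own prefix (constructed, a documentation range)
# and ranges that should never appear as a source on the public internet.
INTERNAL_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]
NON_ROUTABLE_SOURCES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

def source_address(ipv4_header: bytes) -> ipaddress.IPv4Address:
    """Read the sender-supplied source field (bytes 12-15) of a raw IPv4 header."""
    if len(ipv4_header) < 20 or ipv4_header[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    return ipaddress.IPv4Address(ipv4_header[12:16])

def ingress_verdict(ipv4_header: bytes, arrived_on: str) -> str:
    """Judge a packet by whether its claimed source fits the interface it came in on."""
    src = source_address(ipv4_header)
    claims_internal = any(src in net for net in INTERNAL_PREFIXES)
    if arrived_on == "external":
        if claims_internal:
            return "drop: internal source arriving from outside"
        if any(src in net for net in NON_ROUTABLE_SOURCES):
            return "drop: non-routable source on public interface"
        # A forged but plausible public source still passes here; only the
        # network it really left from can catch it, with the check below.
        return "accept"
    if arrived_on == "internal":
        # Egress filtering: only packets carrying our own addresses may leave.
        return "accept" if claims_internal else "drop: foreign source leaving our network"
    raise ValueError(f"unknown interface {arrived_on!r}")

def sample_header(src: str, dst: str) -> bytes:
    """Constructed 20-byte IPv4 header used only as demo input (checksum left zero)."""
    return struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

if __name__ == "__main__":
    for src, iface in [("203.0.113.10", "external"), ("10.1.2.3", "external"),
                       ("198.51.100.7", "external"), ("198.51.100.7", "internal")]:
        print(src, iface, "->", ingress_verdict(sample_header(src, "203.0.113.20"), iface))
```

The third sample shows the limit of filtering on the receiving side alone: a claimed source that looks like any other public address is accepted, which is why the outbound check on the sending network matters as well.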

However, there are a few things you can do to protect yourself against Man-in-the-Middle attacks:

  1. Double-check the URLs of the sites you visit. Confirm the URLs have an "https" at the beginning, instead of just "http." The former indicates the website is secure, and that the site is safe for you to interact with.

  2. If connecting your computer to public Wi-Fi, use a VPN. Norton by Symantec recommends you use a Virtual Private Network (VPN) to protect any personal information you send and receive when using a public Wi-Fi network.

  3. Avoid links in emails from people you don't know. Interacting with such links could direct you to a fake website set up by a scammer who wants to collect your personal information.