PrepAway - Latest Free Exam Questions & Answers

How would you detect IP spoofing?

Cybercriminals have long employed the tactic of masking their true identity. In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine, by "spoofing" the IP address of that machine.

How would you detect IP spoofing?


A.
Check the IPID of the spoofed packet and compare it with TLC checksum. If the numbers match then it is a spoofed packet

B.
Probe a SYN Scan on the claimed host and look for a response SYN/FIN packet, if the connection completes then it is a spoofed packet

C.
Turn on ‘Enable Spoofed IP Detection’ in Wireshark, you will see a flag tick if the packet is spoofed

D.
Sending a packet to the claimed host will result in a reply. If the TTL in the reply is not the same as the packet being checked then it is a spoofed packet

2 Comments on “How would you detect IP spoofing?”

  1. Some packet-normalizing firewalls reset TTLs and other TCP/IP variables to mask internal architecture, so relying on TTLs is not trustworthy. Even regular computers can rewrite TTLs to make it look like they came from another location past layer 3 devices.

