1

As said in question, does ip spoofing mean that someone uses a proxy, thereby he/she appears as different ip in the internet world?

Hasan
  • 529
  • 1
  • 6
  • 16
  • You have good answers here: http://security.stackexchange.com/questions/48523/how-to-find-the-actual-address-of-spoofed-ips –  Oct 26 '15 at 17:33
  • There are lots of responses to this as a Google search. Have you looked at official sources for this definition? – schroeder Oct 26 '15 at 17:56

1 Answers1

2

IP Spoofing normally refers to the process of forging network packets to provide a misleading source IP address. When your computer sends data on the network, it includes it's own IP address in the data (similar to a return address on an envelope). Spoofing involves lying about what the actual return address is. There are many reasons for doing this, not all of them malicious.

There are also limitations with spoofing. For example, in TCP, it is not possible to set up a full connection with a spoofed address due to the handshake process.

Proxy use is sometimes called spoofing (especially by non-technical people), but there are some important differences. Specifically, it is still possible to trace the connection back to an originating host (i.e., the proxy) but not necessarily back to the original user.

Furthermore, on some corporate networks, all traffic goes through a proxy. In these cases, the IP address of the individual workstation might be useless to an external service. But, the proxy actually places a more more accurate, publicly routable, address on the packet. Additionally, some HTTP proxies are configured to add the original source IP address to the packet in the form of the X-Forwarded-For header.

Austin Hartzheim
  • 1,601
  • 12
  • 15
  • Actually the part about "There are also limitations with spoofing. For example, in TCP, it is not possible to set up a full connection with a spoofed address due to the handshake process." is not 100% correct. Kevin Mitnick is famous because he did exactly that. http://wiki.cas.mcmaster.ca/index.php/The_Mitnick_attack – David- Oct 26 '15 at 17:37
  • @David-: Of course, these attacks are much more difficult (dare I say impractical?) today with proper selection of the TCP sequence number: https://www.rfc-editor.org/rfc/rfc6528.txt – Austin Hartzheim Oct 26 '15 at 17:54
  • With proper selection yes. But the moment someone forgets and creates their own server software. I just thought it is worth noting that while it is one of the most difficult hacks to pull off, it is possible given the right conditions. – David- Oct 26 '15 at 18:03