The Danger of Spoofing

Internet securityComputers need to be able to communicate with one another through specific channels. This can be done through FTP protocols that enable computers to share information with each through ports. Although information is shared through alternatives to FTPs, for many people, FTP solutions are the simplest. One of the biggest concerns here is the way that an attacker can exploit vulnerabilities in an FTP protocol and gain unwarranted access to a user’s computer. One of the biggest ways that FTP is exploited is through an attack called spoofing.

In a network security framework, a spoofing attack is defined as a circumstance where one person successfully disguises themselves as another person by changing data. Data is changed to something that the host system recognizes, and the attacker gains access. The trouble with FTP and TCP/IP protocols in this instance is that they do not have in place mechanisms for ensuring the identifying the source or final destination of a file or message. This is what allows FTP to be great for sharing files between different users. It is designed for information to be shared across ports and copied between computers. If the user does not take extra precautions to ensure the safety of their system, then they make themselves vulnerable to spoofing attack.

The most egregious way that a spoofing attack can occur is through something called a “man in the middle attack”. As the name suggests, an attacker positions himself between two people who would be having a conversation. The attacker in reality would be posing as one or the other person and intercepting the conversation to varying degrees. The attacker can then manipulate the situation to such a degree that either chat party believes the other person they are speaking to is genuine, and not the attacker themselves. The attacker can then exploit the situation to gain leverage or unwarranted access to information.

Another way that an attacker can use spoofing is through the ARP spoofing, which is generally used to open up a computer to further attack. Essentially, the attacker in an ARP attack fools the other computer into believing that another site that he has set up is the actual destination for whatever traffic the host computer is sending information. Although an ARP spoofing attack is specific to only to local area networks, an attacker can still stop traffic, modify user settings, or shut everything down.

Finally, a spoofing attack can take place in the form of an IP spoofing. This is where an attacker designates a fake IP address that conceals the attacker, from which the attacker sends a flood of traffic with the intent of stopping up or shutting down the user or service. Anyone who has received a flood of spam messages popping up all over the screen has been subject to this kind of attack. This kind of attack can also be used to defeat user security measures by flooding the system with too much information.

Spoofing can be dangerous for FTP users if they are not aware of its vulnerabilities and limitations. Although alternatives to FTP are more secure, spoofing remains a tool in the attackers toolbox.

Greg Haines writes for several tech blogs and suggests finding out about the alternative to ftp for worry free transfers.