IP spoofing is a technique of sending packets with a falsified or altered source IP address. This technique is normally used in Internet attacks called denial of service (DoS). If the equipment on the network where the packets were generated does not verify the origin of the packets, any subsequent action to identify or block them is very difficult. The figure below exemplifies this type of attack:
Image source: https://bcp.nic.br/antispoofing
To learn more about what spoofing is, visit: https://bcp.nic.br/antispoofing#entenda
Networks that allow spoofing contribute to the proliferation of denial of service (DoS) attacks on the Internet, generating undue traffic, saturating backbones and networks, and causing financial losses to other Internet entities.
To identify Spoofing on a network, we take into account:
- Registered prefixes
- The classification type of the interface
When analyzing traffic, Made4Flow applies the following rule: if traffic is UPLOADED (OUT) on an interface classified as external, such as Traffic for example, and the source IP does not belong to a registered prefix, we count this traffic as Spoofing.
On internal interfaces, classified as the Client type, Made4Flow reverses the logic. If traffic is received inbound (IN) and the source IP does not belong to the registered prefixes, it is counted as Spoofing within Made4Flow.
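The two rules above, written as an added example that is not Made4Flow's own code. The interface names, the prefixes (documentation ranges) and the flow record fields are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed data: documentation ranges stand in for the registered prefixes.
REGISTERED_PREFIXES = [ipaddress.ip_network(p)
                       for p in ("203.0.113.0/24", "2001:db8:100::/48")]

# Hypothetical interfaces mapped to the two classification types described above.
INTERFACE_CLASS = {"uplink0": "external", "client0": "client"}

# Direction in which an unregistered source counts as spoofing, per classification.
SPOOF_DIRECTION = {"external": "OUT", "client": "IN"}

def is_registered(addr):
    """True if addr falls inside any registered prefix (IPv4 or IPv6)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in REGISTERED_PREFIXES)

def is_spoofed(flow):
    """Apply the external/OUT and client/IN rules to one flow record."""
    cls = INTERFACE_CLASS.get(flow["interface"])
    if cls is None:                      # unclassified interface: rule does not apply
        return False
    if flow["direction"] != SPOOF_DIRECTION[cls]:
        return False                     # e.g. inbound Internet traffic on an external link
    return not is_registered(flow["src"])

def spoofed_bytes_by_interface(flows):
    """Sum spoofed bytes per (interface, direction)."""
    totals = Counter()
    for f in flows:
        if is_spoofed(f):
            totals[(f["interface"], f["direction"])] += f["bytes"]
    return dict(totals)

FLOWS = [  # constructed flow records
    {"interface": "uplink0", "direction": "OUT", "src": "203.0.113.10", "bytes": 1500},
    {"interface": "uplink0", "direction": "OUT", "src": "198.51.100.7", "bytes": 900},
    {"interface": "uplink0", "direction": "IN", "src": "192.0.2.55", "bytes": 4000},
    {"interface": "client0", "direction": "IN", "src": "203.0.113.77", "bytes": 700},
    {"interface": "client0", "direction": "IN", "src": "198.51.100.9", "bytes": 300},
    {"interface": "client0", "direction": "IN", "src": "2001:db8:200::1", "bytes": 64},
    {"interface": "client0", "direction": "OUT", "src": "192.0.2.1", "bytes": 1200},
]

if __name__ == "__main__":
    for key, total in spoofed_bytes_by_interface(FLOWS).items():
        print(key, total)
```

Inbound traffic on the external interface and outbound traffic on the client interface are never counted, since unregistered sources are expected there.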
Go to the menu -> Analysis -> Spoofing
At the top of the screen, we have a router view where we can click on a router and expand it to the interface level.
Clicking the “+” button next to the router expands the view by interface.
The next graph shows the overall Spoofing Download and Upload Traffic for all routers. This graph refers to the last 24 hours.
The raw data report for the last 24 hours shows through which interface(s) the Spoofing traffic was generated and to which interface it was sent.
At the bottom of the dashboard we have the Top interfaces with the most Spoofing traffic.