Monday, February 20, 2012

How do you know that your system has been compromised?

How will you know if the email your friends got from you was spoofed?

In a spoof, mail is sent from somewhere else with your address forged onto its "From:" line.

-Full name:
Look at the "From:" line on the junk mail your friends received. If your e-mail system normally sends your mail showing your full name followed by your e-mail address on its "From:" line, a spammer spoofing just your address wouldn't know your name and could not do this.

Your address book used:
-If many of your personal correspondents are simultaneously getting the same junk mail from your address, that's a pretty sure indicator that it's coming from your account, because the sender has access to your personal address book.
-Someone otherwise forging your address onto their "To:" line would not be able to target all of your friends at once, and would be very unlikely to hit any of them at all.

Launching Server
-Look at the full headers (usually hidden) on one of the junk messages as received. Among the headers are a bunch of postmarks, lines beginning "Received:". The oldest one (farthest down the list) explains how the message was first launched into the e-mail network; subsequent ones (farther up toward the top) track its travel to you. If the early ones name a server on your e-mail provider (Yahoo, Hotmail, Google, or whatever) that tends to suggest that your account was hacked.

-done by Eagle
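The full-name check and the launching-server check described above, as an added Python example that is not part of the original post. The sample message, its host names, and the `received_hops` and `assess` helpers are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real mail): every host and address here is made up.
SAMPLE = """\
Received: from mx.friend.example (mx.friend.example [203.0.113.9])
\tby inbox.friend.example with ESMTP id abc123; Mon, 20 Feb 2012 10:00:05 +0000
Received: from unknown-host.invalid ([198.51.100.77])
\tby relay.bulk.example with SMTP id xyz789; Mon, 20 Feb 2012 10:00:01 +0000
From: alice@mailprovider.example
To: bob@friend.example
Subject: check this out

hello
"""

# "from <sending host> ... by <receiving host>"; the "from" clause may be absent.
HOP_RE = re.compile(r"(?:from\s+(?P<src>\S+))?.*?\bby\s+(?P<by>\S+)", re.S | re.I)

def received_hops(msg):
    """Return (from_host, by_host) per Received: header, oldest hop first."""
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        if m:
            hops.append((m.group("src"), m.group("by")))
    # Each server prepends its header, so the last one in the file is the oldest.
    return hops[::-1]

def assess(raw, provider_domain, expected_name):
    """Apply the full-name check and the launching-server check to one message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    hops = received_hops(msg)
    first_by = hops[0][1].lower().rstrip(".;") if hops else ""
    at_provider = first_by == provider_domain or first_by.endswith("." + provider_domain)
    return {
        "from_address": addr,
        "full_name_present": name.strip().lower() == expected_name.lower(),
        "launching_server": first_by,
        "launched_at_provider": at_provider,
    }

if __name__ == "__main__":
    print(assess(SAMPLE, "mailprovider.example", "Alice Example"))
```

The oldest "Received:" lines are written by servers outside the recipient's control, so the result is an indication rather than proof.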

Monday, February 13, 2012

Countermeasures to Spoofing


  • Use strong authentication

  • Do not store secrets (for example, passwords) in plain text and don't write down passwords in easily accessible places

  • Do not pass credentials in plain text over the wire.

  • Protect authentication cookies with Secure Sockets Layer (SSL)

It is possible to block obviously spoofed packets. This can be done by filtering incoming packets that appear to come from an internal IP address within your perimeter and outgoing packets that appear to originate from an invalid local IP address.



Done by Xiu Qi

Thursday, February 9, 2012

What are two tools used in the spoofing attack?

Filtering at the Router - Implementing ingress and egress filtering on your border routers is a great place to start your spoofing defense.

Encryption and Authentication - Implementing encryption and authentication will also reduce spoofing threats.

How is spoofing done?

An attacker uses a fake source address that does not represent the actual address of the packet. Spoofing may be used to hide the original source of an attack or to work around network access control lists (ACLs) that are in place to limit host access based on source address rules. Spoofing attacks differ from random scanning and other techniques used to ascertain holes in the system. Spoofing attacks occur only after a particular machine has been identified as vulnerable. By the time the attacker is ready to conduct a spoofing attack, he or she knows the target network is vulnerable and which machine is to be attacked.