arp攻击与欺骗有什么区别_什么是欺骗(攻击)?
arp攻击与欺骗有什么区别
Spoofing is the act of falsifying some trust between different parties. A spoofing attack is a computer security term used to falsify different applications, protocols, and systems to gain an illegitimate advantage. Spoofing also defined as the attacker’s ability to pass themselves off as someone else for the target system.
欺骗是伪造不同方之间某些信任的行为。 欺骗攻击是一种计算机安全术语,用于伪造不同的应用程序,协议和系统,以获取非法优势。 欺骗还定义为攻击者以目标系统的身份冒充他人的能力。
Spoofing can be done in different environments, protocols, systems with different tools. Spoofing attack generally executed in the IT environment but there are some alternative spoofing attacks which are executed in the different areas like Geolocation, Phone Systems.
欺骗可以在不同的环境,协议,使用不同工具的系统中完成。 欺骗攻击通常在IT环境中执行,但是有些替代的欺骗攻击则在地理位置,电话系统等不同区域中执行。
欺骗历史 (Spoofing History)
The term spoofing is created by the English comedian Arthur Roberts in the 19th century. Today the spoofing is used in computing security in order to define an attack-type which can be implemented in different ways with different methods.
spoofing是19世纪英国喜剧演员亚瑟·罗伯茨(Arthur Roberts)创建的。 如今,欺骗已被用于计算安全性中,以定义一种攻击类型,该攻击类型可以用不同的方法和不同的方法来实现。
欺骗类型 (Spoofing Types)
As there are a lot of different types of systems and protocols used today IT systems there are a lot of spoofing tools.
由于当今IT系统使用了许多不同类型的系统和协议,因此存在许多欺骗工具。
ARP欺骗 (ARP Spoofing)
ARP is a network protocol used to resolve IP address and MAC address vice versa. Generally a host will ask the MAC address of the given IP address. ARP spoofing can be executed by providing fake MAC address for the ARP request for the given IP address. ARP spoofing is very popular technique in the network attacks which is mainly used inside the LAN.
ARP是一种网络协议,用于解析IP地址和MAC地址,反之亦然。 通常,主机会询问给定IP地址的MAC地址。 可以通过为给定IP地址的ARP请求提供伪造的MAC地址来执行ARP欺骗。 ARP欺骗是网络攻击中非常流行的技术,主要用于LAN内部。
IP地址欺骗 (IP Address Spoofing)
IP address spoofing is another network-related spoofing or attack technique where the sender or source provides fake source IP address information inside the IP packets. IP spoofing can be used for the DDoS attacks where the attacker identity can be found and attacks can not be prevented as every IP packet comes from a different IP address.
IP地址欺骗是另一种与网络相关的欺骗或攻击技术,其中发送方或源在IP数据包内部提供伪造的源IP地址信息。 IP欺骗可用于DDoS攻击,在这种DDoS攻击中,可以找到攻击者的身份,并且由于每个IP数据包都来自不同的IP地址,因此无法阻止攻击。
MAC欺骗 (MAC Spoofing)
MAC spoofing is another type of network-related spoofing where the network host uses different MAC address for the Layer2 communication. MAC address is changed for a different type of attacks to prevent detection and prevention for the MAC address and IP address of the attacker. MAC spoofing can be also used to connect MAC address restricted network to provide fake but valid MAC addresses.
MAC欺骗是另一种与网络相关的欺骗,其中网络主机使用不同的MAC地址进行第二层通信。 针对不同类型的攻击更改了MAC地址,以防止检测到并阻止攻击者的MAC地址和IP地址。 MAC欺骗也可用于连接受MAC地址限制的网络,以提供伪造但有效的MAC地址。
引荐来源欺骗 (Referrer Spoofing)
Some web sites use the HTTP protocol referrer mechanism. Referrer mechanism simply provides a referrer site when requesting some web page from another site in order to provide some part of authenticity. The referrer header is added to the HTTP request. When the web site we want to access process the HTTP request it will check the referred header. The referrer URL can be tricky because it can be set different URLs even these web sites are not referred. Referrer spoofing can be also called as Ref-tar spoofing.
一些网站使用HTTP协议引用程序机制。 当从另一个站点请求某些网页以提供真实性的一部分时,引荐来源网址机制仅提供了一个引荐来源网址。 引荐来源标头已添加到HTTP请求。 当我们要访问的网站处理HTTP请求时,它将检查引用的标头。 引荐来源网址网址可能很棘手,因为即使没有引用这些网站,也可以将其设置为不同的网址。 引荐来源网址欺骗也可以称为Ref-tar spoofing 。
来电显示欺骗 (Caller Id Spoofing)
Public telephone lines provide the caller ID during the initialization phase of a call. The caller ID or name is provided by the calling part where it can be changed in some cases. Especially the VoIP technology allows easily changing the Caller ID easily where different caller ID can be provided to the remote part.
公用电话线在呼叫初始化阶段提供呼叫者ID。 呼叫方ID或名称由呼叫方提供,在某些情况下可以更改。 尤其是,VoIP技术允许轻松更改呼叫者ID,而可以将不同的呼叫者ID提供给远程部分。
电子邮件地址欺骗 (E-mail Address Spoofing)
Emails use a similar header mechanism during the transmission. The sender information is provided as a header inside the email. Also, the sender email address is provided inside the sender information with the From: header. This header can be used for spoofing by providing fake information and abuse the receiver’s trust. The from header can contain different address then the original one like [email protected] even this is not the email sender. This technique is generally used by the spammers. This vulnerability is related to the SMTP protocol, which is used for transmitting the emails between email servers.
电子邮件在传输过程中使用类似的标头机制。 发件人信息在电子邮件中作为标题提供。 另外,发件人信息内还提供了发件人电子邮件地址,并带有发件人:标头。 通过提供虚假信息并滥用接收者的信任,此标头可用于欺骗。 发件人头可以包含与原始地址不同的地址,如[email protected]即使该地址不是电子邮件发件人。 垃圾邮件发送者通常使用此技术。 此漏洞与SMTP协议有关,该协议用于在电子邮件服务器之间传输电子邮件。
地理位置欺骗 (Geolocation Spoofing)
Geolocation spoofing is used to provide the geographic location of the client in different countries. Geolocation spoofing is mainly used to access entertainment content which is some times restricted for specific countries by using IP addresses and ASN maps. Geolocation spoofing is mainly implemented with the v*n, Web Proxy, or DNS Proxy methods. v*n is the most popular method for geolocation spoofing where the v*n user can imitate its web traffic from a specific country it wants. The single restriction is the v*n should have a server in the country to be used.
地理位置欺骗用于提供客户在不同国家/地区的地理位置。 地理位置欺骗主要用于访问娱乐内容,该娱乐内容有时通过使用IP地址和ASN地图在特定国家/地区受到限制。 地理位置欺骗主要通过v*n,Web代理或DNS代理方法实现。 v*n是最流行的地理位置欺骗方法,v*n用户可以从其想要的特定国家模仿其网络流量。 唯一的限制是v*n应该在要使用的国家/地区中拥有一台服务器。
GPS欺骗 (GPS Spoofing)
GPS spoofing will provide fake GPS signals to the GPS receivers. GPS receivers use the satellite provided GPS signals to get a precise location. These signals are provided from satellites located in the space. The GPS spoofing will overwrite the existing genuine GPS signals with the fake ones and the GPS receivers will calculate their locations with these fake GPS signals. GPS spoofing is hard to implements because of multiple GPS signals creating and overwriting existing signals.
GPS欺骗会将虚假的GPS信号提供给GPS接收器。 GPS接收器使用卫星提供的GPS信号来获得精确的位置。 这些信号是从太空中的卫星提供的。 GPS欺骗将使用伪造的信号覆盖现有的真实GPS信号,GPS接收器将使用这些伪造的GPS信号计算其位置。 由于多个GPS信号会创建和覆盖现有信号,因此难以实施GPS欺骗。
DNS欺骗 (DNS Spoofing)
DNS is used to resolve domain names into IP addresses. Domain names resolving process can be also spoofed with fake IP addresses. DNS spoofing also called DNS cache poisoning.
DNS用于将域名解析为IP地址。 域名解析过程也可能被假冒的IP地址欺骗。 DNS欺骗也称为DNS缓存中毒。
扩展欺骗 (Extension Spoofing)
Files are identified with names and extensions. Extensions are used to specify the type or content of the file. Attackers can spoof the extension of the file in order to run executable files covertly. For example “test.txt.exe” file can be shown like a txt file to click the user and run the executable file.
文件带有名称和扩展名。 扩展名用于指定文件的类型或内容。 攻击者可以欺骗文件的扩展名以暗中运行可执行文件。 例如,可以将“ test.txt.exe”文件显示为类似于txt文件的格式,以单击用户并运行可执行文件。
短信(SMS)欺骗 (Text Message (SMS) Spoofing)
SMS is very popular and basic protocol used in phone to sent text messages. It is a basic protocol where the text messages can be spoofed as sent by other parties easily.
SMS是非常流行的基本电话协议,用于手机发送短信。 这是一种基本协议,可以很容易地欺骗文本消息,就像其他方发送的消息一样。
欺骗工具 (Spoofing Tools)
Spoofing in computer security is generally a technical actions which generally requires some tools to implement. Below some spoofing tools are listed for different spoofing attack types.
欺骗计算机安全通常是一项技术操作,通常需要一些工具才能实施。 下面列出了一些针对不同欺骗攻击类型的欺骗工具。
- admid-pack is a tools used for the DNS spoofing admid-pack是用于DNS欺骗的工具
- arenea is a tool used for DNS spoofing which is fast.arenea是用于DNS欺骗的工具,速度很快。
- dns-spoof is yet another DNS spoofing tool. dns-spoof是另一个DNS欺骗工具。
- lans is a MAC address spoofing tool. lans是一种MAC地址欺骗工具。
- multimac is a MAC address spoofing tool. multimac是一种MAC地址欺骗工具。
- netcommander is a ARP spoofing tool. netcommander是ARP欺骗工具。
检测欺骗 (Detecting Spoofing)
Spoofing can be detected by using different techniques or methods. Also some security related applications or tools can be used to detect or help of detection of a spoofing attack. Below we will list these detection techniques or methods for spoofing attack.
可以通过使用不同的技术或方法来检测欺骗。 同样,一些与安全性相关的应用程序或工具也可以用于检测或帮助检测欺骗攻击。 下面我们将列出用于欺骗攻击的这些检测技术或方法。
检测电子邮件欺骗 (Detecting Email Spoofing)
Email spoofing can be detected by using some software, configuration, service or inspections methods.
可以使用某些软件,配置,服务或检查方法来检测电子邮件欺骗。
Email Security Software can detect the spoofing attack. It can provide detailed information about the spoofing attack. This software can be used in email servers or in users computers with different configuration.
Email Security Software可以检测到欺骗攻击。 它可以提供有关欺骗攻击的详细信息。 该软件可以在电子邮件服务器或具有不同配置的用户计算机中使用。
Email Security Service can also detect email spoofing attack by examining previous attacks for the future and getting attackers information like attacker IP address, attack technique, attacking content, target types etc.
Email Security Service还可以通过检查将来的先前攻击并获取攻击者信息(例如攻击者IP地址,攻击技术,攻击内容,目标类型等)来检测电子邮件欺骗攻击。
Email Inspection can be done by the user where some suspicious information can be detected with humen eye. Following list provides some suspicious elements inside an email.
用户可以通过Email Inspection ,其中可以用虎眼检测到一些可疑信息。 以下列表提供了电子邮件中的一些可疑元素。
-
Sender uses
Generic Email Domain发件人使用
Generic Email Domain -
Sender starts the mail with a
Generic Greeting发件人以
Generic Greeting开始邮件 -
Sender asks for the users
Personal Information发件人要求用户提供
Personal Information -
The email contains
Strange Attachments电子邮件包含
Strange Attachments -
Email text or body contains
Mistakes and inconsistencies电子邮件文字或内文包含
Mistakes and inconsistencies -
Email can provides links or URLs with
Spelling Tricks电子邮件可以提供带有
Spelling Tricks链接或URL
防止欺骗 (Protection Against Spoofing)
Spoofing attacks are very popular in these days which can create very serious problems. So protection against the spoofing attacks is a must for every person especially in the enterprise environments.
如今,欺骗攻击非常流行,这会造成非常严重的问题。 因此,对于所有人而言,防止欺骗攻击是必须的,尤其是在企业环境中。
Awareness is one of the most effective way for the spoofing attacks.
Awareness是进行欺骗攻击的最有效方法之一。
Security Software is another important part of the spoofing where awareness do not works. Especially for the technical parts security software will work perfectly.
Security Software是欺骗的另一个重要组成部分,在这种情况下,意识不起作用。 特别是对于技术零件,安全软件将完美运行。
Security Procedures are important in order to prevent spoofing and for the future occurence of the same spoofing attack.
Security Procedures对于防止欺骗以及将来再次发生相同的欺骗攻击非常重要。
Cryptographic and Encrypted Protocols can be used to encrypt traffic or authenticate the remote part where the spoofing can be prevented.
Cryptographic and Encrypted Protocols可用于加密流量或对可以防止欺骗的远程部分进行身份验证。
Spam filters software can be specifically used for email spoofing which is very popular.
Spam filters software可以专门用于非常流行的电子邮件欺骗。
arp攻击与欺骗有什么区别