By definition spoofing is termed as a technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host. To engage in IP spoofing, a hacker must first use a variety of techniques to find an IP address of a trusted host and then modify the packet headers so that it appears that the packets are coming from that host.Forging the source IP address causes the responses to be misdirected, meaning you cannot create a normal network connection.. In other words pretending to be a different Internet address from the one you really have in order to gain something. That might be information like credit card numbers, passwords, personal information or the ability to carry out actions using someone else’s identity, which in a true sense is a big crime with or without spoofing.
Examples of spoofing include:
man-in-the-middlepacket sniffs on link between the two end points, and can therefore pretend to be one end of the connectionrouting redirectredirects routing information from the original host to the hacker's host (this is another form of man-in-the-middle attack).source routingredirects indvidual packets by hackers hostblind spoofingpredicts responses from a host, allowing commands to be sent, but can't get immediate feedback.floodingSYN flood fills up receive queue from random source addresses; smurf/fraggle spoofs victims address, causing everyong respond to the victim.
Examples of spoofing include:
man-in-the-middlepacket sniffs on link between the two end points, and can therefore pretend to be one end of the connectionrouting redirectredirects routing information from the original host to the hacker's host (this is another form of man-in-the-middle attack).source routingredirects indvidual packets by hackers hostblind spoofingpredicts responses from a host, allowing commands to be sent, but can't get immediate feedback.floodingSYN flood fills up receive queue from random source addresses; smurf/fraggle spoofs victims address, causing everyong respond to the victim.
The most complex attack is to alter the address the master DNS servers will resolve for a given URL. The URL that an Internet user types in is not the numeric address of the site required, but an alphanumeric address structure. The DNS servers convert, say, www.articsoft.com, into a real Internet address, say 195.217.192.145 (not the correct address, but the point is made). This has to be done because people don’t generally remember and associate 12 digit numbers with anything except telephone numbers, and then they generally file them on the telephone with a ‘friendly name’ that they have some relationship with. An attack of this type has been successfully mounted that altered the server list, so that, for a period of time, users requesting some sites were directed to the wrong addresses. This type of attack is a major threat other attacks include changing Web site names and addresses,IP addresses and E-mail.As described above spoofing in a literal sense directs to intrusion in the personal property of another user without the knowledge and consent of that person ,hence a crime that leaves you with no personal safeguard of your stuff. The Budapest convention held for the secure use of IT had a clause:
Article 7 – Computer-related forgeryEach Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right, the input, alteration, deletion, or suppression of computer data, resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not the data is directly readable and intelligible. A Party may require an intent to defraud, or similar dishonest intent, before criminal liability attaches.
But according to this convention the steps taken by our government have somewhat lead to the protection of such activists.The hasty definitions used are basically misleading from the fact that only the actual spammer, spoofer or etc etc will be thrown forward for a criminal activity . The laws thus donot create a secure environment for business in Pakistan and a hostile environment for IT users. However,it does provide a pathway to the unjust capture of anyone who maynot be a liability to internet spoofing ,thus violation of human rights by the hands of our own government. FIA is at the moment designated for the purpose.
They can issue their own warrants.There is no requirement for mandatory grounds being given for obtaining a search and seizure warrantThe search and seizure can take placeAt any timeAny whereAny number of locationsIn regards any number of Computers (whether or not they also house other businesses/people’s data)Copies can be made without any chain of custodyThe Computers can be seized (even if they are vital to run a business or operation of a Bank, ISP or other establishment like a Mainframe, thus, shutting down all operations for some data being searched for on the Mainframe/Server of one customer)
The business/person being investigated has no right to:· Challenge such action· Keep a verified copy of the data (to ensure it cannot be tampered)· To ensure protection of Intellectual Property· To ensure that the data is kept secure· To ensure that the Data is destroyed after the investigation/end of the case.
Ridiculous is the only word that comes to the mind of the reader once you get to have a hang of the situation in which anyone,at any time and anywhere can be convicted under this law.
References:
