Identity Spoofing (IP Address Spoofing)
Topic Last Modified: 2009-03-09
Spoofing occurs when the attacker determines and uses an IP address of a network, computer, or network component without being authorized to do so. A successful attack allows the attacker to operate as if the attacker is the entity normally identified by the IP address. Within the context of Office Communications Server 2007 R2, this situation comes into play only if an administrator has done both of the following:
- Configured connections that support only Transmission Control Protocol (TCP) (which is not recommended, because TCP communications are unencrypted).
- Had to mark the IP addresses of those connections as trusted hosts. This is less of a problem for Transport Layer Security (TLS) connections, which are by definition encrypted.
This precaution prevents an attacker from performing IP address spoofing on a specific connection (for example, mutual TLS connections). But an attacker could still spoof the address of the DNS server that Office Communications Server uses. Although this spoofing is a threat to Office Communications Server, there is nothing the server can do to prevent it. Preventing this attack requires IT-infrastructure and network-level mitigations.