Question : Is IP spoofing possible, and how can we detect it?

For the last two month my company's Google Adsense expenses has gone through the roof with no increase in sales. I have been looking at the source of traffic, and 80% of the traffic is coming from 2 websites which belong to the same company. I have also looked at the IP addresses of all the traffic and have verified that they come from all over the world and that majority are not coming from proxy servers. Therefore, the traffic seems quiet legitimate. However, I am 100% convinced that the traffic is artificial due to many reasons such as the speed that the supposedly users go through our pages. Only an automated bot would go through the pages at that speed, and the majority of the traffic is of this type. So, the only possibility is that this company uses bots with some type of real refined IP spoofing.

I am not that familiar with IP spoofing, but I did find an article that suggested that it can be done by manipulating a DNS server. Now, my question is whether IP spoofing is really possible, and if yes how it is done. But more importantly, how can we detect it. If we can detect it, then it would be very easy to argue with Google that we would not pay for such a traffic.

Answer : Is IP spoofing possible, and how can we detect it?

There are robots out there that load as malware and wait for "commands" from their creators. These have been used as attack vehicles to flood a site with transmissions from hundreds of PCs at a time, hundreds of packets per second from each PC - completely shutting the site down. I was witness to one of these and the results were totally amazing and I definitely didn't want these people mad at me. The PC owners do not even know that their PCs are doing this, they just seem slow.

My point is that you may not have an IP spoofing problem at all. This type of robot could easily be used to "browse" through sites to kick up your click count and the IPs used would be legit. There would just be software clicking instead of humans. What a boon for the owners of these "robot networks" as I doubt there is much financial satisfaction to attacking sites, but to bot through sites such as yours to kick up income, well that's worth something.

Another thing to note, many places outside the US, Canada and maybe a dozen others do not have or spend the money to have their computers immunized from virus' and malware (I'm talking individuals, not companies). I would guess that if you researched some of these Ip numbers you would fine that most of them are tied to ISP's and given out to smaller clients rather that bought and controlled by companies - who usually do have better protection.

If this is the case, and I hope it is not, then it is a learning experience for us and shame on Google!

Random Solutions

DHCP Scope Conflict

Wireless internet access lost after installing AVG free

FireBox expert needed

Resolving NetBIOS Names

Mapped Network Drives are always "disconnected" at startup

Force Domain Logon

IP's for network

Can I sell a Cisco VOIP system?

Setting up Access List on Catalyst 4506, IOS version 12.1(20)EW2

DCHP Server Handing out IP Addresses to Weird Devices