For lack of better terminology, I have been calling both of the
following situations 'spoofing'. If there is a better industry term
for the second scenario I would like to hear it:
1. MIBH (Man in Black Hat) knows the internal workings of the network
at company X. MIBH directly attempts to use an internal trusted IP
address from an untrusted attached network.
2. MIBH believes that company X is properly firewalled and that spoof
type 1 will not work. MIBH knows that company X has strong ties with
company Y. MIBH attempts to use the company Y IP address to gain
trusted access to application proxies on the firewall.
I realize that there are proper methods for protecting from both
attacks, I am just curious about naming conventions. Spoof type two
is still the attempt to use a trusted IP address to access restricted
Deloitte & Touche LLP