Ip Spoofing


Presentation on web's most dangerous attack - IP Spoofing.

Published in: Technology
2 Comments
  • need more description about diagram...pls upload more details ..pls send the report of this ppt....
  • nice need more explanation

Ip Spoofing

  1. 1. NETWORK SECURITY: A PAPER ON PITFALLS AND PROBLEMS ENCOUNTERED IN IP-SPOOFING. Arpit Gupta, Deepika Chug
  2. 2. Bad Practices Spread. It is easy to see the faults of others but not so easy to see one’s own faults. If I just open a bunch of ports in the firewall my app will work. I think I will wedge the computer room door open. Much easier. They have blocked my favorite Web site. Lucky I have a modem. I think I will use my first name as a password. Say, we run a network too. How do you configure your firewalls? Why do we need the door locked? Hey, nice modem. What's the number of that line? I can never think of a good password. What do you use?
  3. 3. Understanding The Landscape. [Chart labels: Script-Kiddie, Hobbyist Hacker, Expert, Specialist; Author, Vandal, Thief, Spy, Trespasser; National Interest, Personal Gain, Personal Fame, Curiosity]
  4. 4. An Evolving Threat. [Chart labels: Script-Kiddie, Hobbyist Hacker, Expert, Specialist; Author, Vandal, Thief, Spy, Trespasser; National Interest, Personal Gain, Personal Fame, Curiosity; annotations: Largest area by volume, Largest area by $ lost, Largest segment by $ spent on defense, Fastest growing segment]
  5. 5. WHAT IS IP-SPOOFING? IP -> Internet Protocol. Spoofing -> Hiding. It is a trick played on servers to fool the target computer into thinking that it is receiving data from the trusted host rather than from its real source. This attack is actually a trust-relationship exploitation. “Things are not what they seem and that is why the world gets conned.”
  6. 6. REAL LIFE EXAMPLE TO EXPLAIN WHAT IS IP SPOOFING. [Diagram: three people A, B and C; caption "B is on line"] A is disguising his voice, making it sound more like that of B. If we now replace the 3 people with computers and change the term “voice” to “IP address”, then you would know what we mean by IP spoofing.
  7. 7. IP SPOOFING. [Diagram: HACKER 203.45.98.01 (attacking host); VICTIM 202.14.12.10 (remote host); FAKE 202.23.45.89 (trusted host); datagram (data packets) labelled FAKE 202.23.45.89]
  8. 8. THE 3-WAY HANDSHAKE. [Diagram: CLIENT and HOST exchanging packets A, B, C] Packets description: A: SYN = client’s ISN (4894305), ACK = 0; B: SYN = host’s ISN (1896955367), ACK = client’s ISN + 1 (4894306); C: ACK = host’s ISN + 1 (1896955368).
  9. 9. THE ATTACK IN BRIEF: (1) The target host is chosen. (2) A pattern of trust is discovered, along with the trusted host. (3) The trusted host is disabled and the target’s TCP sequence number is detected. (4) The trusted host is impersonated, the sequence numbers guessed, and a connection attempt is made to a service that only requires address-based authentication. -- ON SUCCESS THE ATTACKER ISSUES A SIMPLE COMMAND TO LEAVE A BACKDOOR --
  10. 10. THE ATTACK. [Diagram: HACKER 203.45.98.01 (attacking host); VICTIM 202.14.12.10 (remote host); packets with IP address of trusted host (FAKE 202.23.45.89)]
  11. 11. THE ATTACK. [Diagram: VICTIM 202.14.12.10 (remote host); SYN/ACK packets; FAKE 202.23.45.89 (trusted host)]
  12. 12. TRUSTED HOST DISABLING. As soon as we find the TRUSTED-HOST (FAKE), our next step is to disable it. Why? “FAKE must not at any time respond to the SYN/ACK packet sent by VICTIM.” How to do it? Use up all the memory of TRUSTED-HOST so that it will not be able to respond to the SYN/ACK packet sent to it by the VICTIM. So one very easy method of doing so is to perform the SYN flooding denial-of-service attack.
  13. 13. SO WHAT IS SYN FLOODING? There is an upper limit on how many concurrent SYN requests TCP can process for a given socket; this limit is called the BACKLOG LIMIT. Backlog limit = length (queue). [Diagram: repeated SYN packets filling the BACKLOG QUEUE until QUEUE FULL]
  14. 14. BLIND ATTACK. [Diagram: HACKER 203.45.98.01 (attacking host); VICTIM 202.14.12.10 (remote host); SYN/ACK packets; FAKE 202.23.45.89 (trusted host)]
  15. 15. THE ATTACK. [Diagram: HACKER 203.45.98.01 (attacking host); VICTIM 202.14.12.10 (remote host); label: SYN/ACK packets acknowledging trusted host has received SYN/ACK packets]
  16. 16. Detection: Monitoring packets on the external interface whose source and destination IP addresses are in your local domain. Accounting logs between systems on your internal network: a log entry on the victim machine showing a remote access. Detecting unusual activity.
  17. 17. Preventive Measures: 1. Packet Filtering 2. Firewall 3. Initial Sequence Number Randomizing
  18. 18. Packet Filtering: Internal network connected to the Internet. Router filters packet-by-packet; decision to forward/drop packets is based on: source IP address, destination IP address; TCP SYN and ACK bits. Should arriving packet be allowed in? Departing packet let out?
  19. 19. Our network is secure, right? Oh sure, Don’t worry. We have several firewalls
  20. 20. Initial Sequence Number (ISN) Randomizing. ISN incrementation: at every connection, incremented by 64,000; at every second, incremented by 128,000. Its value wraps every 9.32 hrs. So it’s easy for any genius to do the guesswork and calculate the correct sequence number.
  21. 22. CONCLUSION: IP-Spoofing is an exploitation of a trust-based relationship and can be curbed effectively if proper measures are used. Understanding how and why spoofing attacks are used, combined with a few simple prevention methods, can help protect networks from these malicious cloaking and cracking techniques.
  22. 23. Make your Network Secure
  23. 24. IP-Spoofing Software In Technical Discussion. Part 1: Target is being attacked with the UDP packets, when no measures were taken. [Diagram: Client, Client, Client/Server; Target, Victim, Hacker; 192.168.1.2, 192.168.1.20, 192.168.1.30; UDP 192.168.1.20]
  24. 25. IP-Spoofing Software In Technical Discussion. Part 2: Target is being attacked but the software is an interface to this. [Diagram: Client, Client, Client/Server; Target, Victim, Hacker; the s/w; 192.168.1.2, 192.168.1.20, 192.168.1.30; UDP 192.168.1.20, UDP 192.168.1.20]
  25. 26. IP-Spoofing Software In Technical Discussion. Part 3: The s/w role as an interface. 1) Scans all the registered IP addresses for their authenticity (myip log file: list of registered clients). While scanning these it also resolves the respective MAC address at runtime. 2) Maintains the list of spoofed clients (log file).
  26. 27. IP-Spoofing Software In Technical Discussion. Part 3.1: The s/w role as an interface. 3) Maintains the list of registered clients whenever they communicate (myhost log file: list of registered clients). 4) The unauthorised user is blocked.
  27. 29. UDP HEADER (columns at 16 and 32 bits): Source port | Destination port; Length | Checksum; Data
  28. 30. TCP header structure (columns at 16 and 32 bits): Source port | Destination port; Sequence number; Acknowledgement number; Offset | Reserved | U A P R S F | Window; Checksum | Urgent pointer; Option + Padding; Data
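
The detection rule on slide 16 and the router decision on slide 18, combined into one filter as an added example (not code from the presentation). The /24 prefix around the VICTIM address, the `PUBLIC_PORTS` set and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: the protected "local domain" is the /24 around the deck's VICTIM address.
INTERNAL_NET = ipaddress.ip_network("202.14.12.0/24")
PUBLIC_PORTS = {25, 80}  # hypothetical services that may be reached from outside

@dataclass(frozen=True)
class Packet:
    iface: str          # interface the packet arrived on: "external" or "internal"
    src: str
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False

def decide(pkt):
    """Router-style verdict for one packet: (action, reason)."""
    src_in = ipaddress.ip_address(pkt.src) in INTERNAL_NET
    dst_in = ipaddress.ip_address(pkt.dst) in INTERNAL_NET
    if pkt.iface == "external":
        if src_in:                       # outside packet claiming an inside address
            return "drop", "spoofed-internal-source"
        if not dst_in:
            return "drop", "not-local-destination"
        # SYN without ACK opens a new connection; allow that only to public services
        if pkt.syn and not pkt.ack and pkt.dport not in PUBLIC_PORTS:
            return "drop", "unsolicited-syn"
        return "forward", "ok"
    if not src_in:                       # egress: our hosts must use our addresses
        return "drop", "foreign-source-leaving"
    return "forward", "ok"

# Constructed sample traffic (not captured data).
SAMPLE = [
    Packet("external", "202.14.12.77", "202.14.12.10", 513, syn=True),
    Packet("external", "202.23.45.89", "202.14.12.10", 513, syn=True),
    Packet("external", "198.51.100.7", "202.14.12.10", 80, syn=True),
    Packet("external", "198.51.100.7", "202.14.12.10", 40000, ack=True),
    Packet("internal", "192.0.2.50", "198.51.100.7", 80, syn=True),
    Packet("internal", "202.14.12.10", "198.51.100.7", 80, syn=True),
]

def audit(packets):
    """Return (src, dst, reason) for every packet the filter would drop."""
    return [(p.src, p.dst, r) for p in packets for a, r in [decide(p)] if a == "drop"]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```

The second sample packet carries the deck's trusted-host address and is dropped only because port 513 is not exposed: a filter cannot tell whether an external source address is genuine, so address-authenticated services should not be reachable from outside at all.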
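
Slide 20's counter-style ISN next to a randomized generator in the RFC 6528 form, ISN = M + F(connection 4-tuple, secret), as an added example (not code from the presentation). HMAC-SHA256 stands in for the hash F, and the ports, timer values and keys are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
import struct

MOD = 2 ** 32
PER_SECOND, PER_CONNECTION = 128_000, 64_000    # increments quoted on slide 20

def wrap_hours():
    """Hours for the per-second increment alone to cycle the 32-bit space."""
    return MOD / PER_SECOND / 3600

def legacy_isn(seconds_up, connections_so_far):
    """Counter-style ISN from the slide: a pure function of uptime and connection count."""
    return (PER_SECOND * seconds_up + PER_CONNECTION * connections_so_far) % MOD

def randomized_isn(secret, laddr, lport, raddr, rport, micros):
    """RFC 6528 form: M is a timer that ticks every 4 microseconds,
    F is a keyed hash of the 4-tuple (HMAC-SHA256 here, an assumption)."""
    tup = (ipaddress.ip_address(laddr).packed + struct.pack("!H", lport)
           + ipaddress.ip_address(raddr).packed + struct.pack("!H", rport))
    f = int.from_bytes(hmac.new(secret, tup, hashlib.sha256).digest()[:4], "big")
    return (micros // 4 + f) % MOD

def legacy_gap():
    """ISN gap between two back-to-back connections, whoever the peers are."""
    return (legacy_isn(1000, 8) - legacy_isn(1000, 7)) % MOD

def randomized_gaps(keys):
    """ISN gap between two different peers at the same instant, one value per secret."""
    gaps = []
    for key in keys:
        a = randomized_isn(key, "202.14.12.10", 513, "198.51.100.7", 1023, 4_000_000)
        b = randomized_isn(key, "202.14.12.10", 513, "202.23.45.89", 1023, 4_000_000)
        gaps.append((b - a) % MOD)
    return gaps

CONSTRUCTED_KEYS = [bytes([i]) * 16 for i in range(1, 6)]   # sample secrets only

if __name__ == "__main__":
    print(f"legacy counter wraps every {wrap_hours():.2f} h, gap {legacy_gap()}")
    print("randomized gaps:", randomized_gaps(CONSTRUCTED_KEYS))
```

With the counter, a host that sees its own ISN knows the next one issued to any other peer; with the keyed form, the offset between peers depends on a secret the observer does not hold.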
