IP SPOOFING Attacks & Defences By PRASAD R RAO
Transcript of "I P S P O O F I N G"

  1. IP SPOOFING Attacks & Defences By PRASAD R RAO
  2. Outline
       • Introduction
       • IP Spoofing attacks
       • IP Spoofing defences
       • Conclusion
  3. Introduction
  4. Types of spoofing
       • IP spoofing: Attacker uses the IP address of another computer to acquire information or gain access.
       • Email spoofing: Attacker sends email but makes it appear to come from someone else.
       • Web spoofing: Attacker tricks a web browser into communicating with a different web server than the user intended.
  5. IP Spoofing
       • IP spoofing is the creation of TCP/IP packets with somebody else's IP address in the header.
       • Routers use the destination IP address to forward packets, but ignore the source IP address.
       • The source IP address is used only by the destination machine, when it responds back to the source.
       • When an attacker spoofs someone's IP address, the victim's reply goes back to that address.
  6. • Since the attacker does not receive packets back, this is called a one-way attack or blind spoofing.
       • To see the return packets, the attacker must intercept them.
  7. IP Spoofing Attacks
       • Blind IP Spoofing
       • Man in the middle attack
       • Source routing
       • ICMP attacks
       • UDP attacks
       • TCP attacks
  8. Blind IP Spoofing
       • Usually the attacker does not have access to the reply and abuses a trust relationship between hosts.
       • For example: Host C sends an IP datagram to Host B with the address of some other host (Host A) as the source address. The attacked host (B) replies to the legitimate host (A).
  9. Blind IP spoofing
  10. Man in the middle attack
       • If an attacker controls a gateway that is in the delivery route, he can:
           • Sniff the traffic
           • Intercept the traffic
           • Modify traffic
       • This is not easy on the internet because of hop-by-hop routing, unless source routing is used.
  12. Source routing
       • Source routing is one of the IP options that allows the specification of an IP address that should be on the route for the packet delivery.
       • This allows someone to use a spoofed return address, and still see the traffic by placing his machine in the path.
  13. Types of source routing:
       • Loose source routing (LSR): The sender specifies a list of some IP addresses that a packet must go through (it might go through more).
       • Strict source routing (SSR): The sender specifies the exact path a packet must take (if it is not possible, the packet is dropped).
  14. • An attacker sends a packet to the destination with a spoofed address but specifies LSR and puts his IP address in the list.
       • An attacker could use source routing to learn more about a network that he or she is targeting for attack.
       • The best way to protect against source routing spoofing is to simply disable source routing at your routers.
  15. ICMP Echo Attacks
       • Map the hosts of a network: The attacker sends ICMP echo datagrams to all the hosts in a subnet, then collects the replies and determines which hosts are alive.
       • Denial of service attack (SMURF attack): The attacker sends spoofed (with the victim's IP address) ICMP Echo Requests to subnets; the victim will get ICMP Echo Replies from every machine.
  17. ICMP Redirect attacks
       • ICMP redirect messages can be used to re-route traffic on specific routes or to a specific host that is not a router at all.
       • The ICMP redirect attack is very simple: just send a spoofed ICMP redirect message that appears to come from the host's default gateway.
  19. After ICMP redirect attack
  20. UDP attacks
       • UDP is a connectionless protocol. There is no error checking or guaranteed delivery. UDP packets are very simple and are mainly used for low-overhead protocols.
       • TCP is connection oriented and the TCP connection setup sequence number is hard to predict.
       • UDP traffic is more vulnerable to IP spoofing than TCP.
  22. TCP Attacks
       • The attack aims at impersonating another host, mostly during the TCP connection establishment phase.
       • To spoof a TCP connection, the hacker needs to know via which algorithm the server generates its initial sequence number.
       • The hacker needs this to supply the correct number in its final ACK message confirming the connection and in all subsequent data packets.
  24. IP Spoofing defences
       • Don't rely on IP-based authentication.
       • Use router filters to prevent packets from entering your network if they have a source address from inside it.
       • Use router filters to prevent packets from leaving your network if they have a source address from outside it.
  25. • Use random initial sequence numbers. This prevents SN prediction.
  26. CONCLUSION
       • IP spoofing is less of a threat today due to the use of random sequence numbering.
       • Many security experts are predicting a shift from IP spoofing attacks to application-related spoofing.
       • Sendmail is one example that, when not properly configured, allows anyone to send mail as president@whitehouse.gov.
  27. Thanks!
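
The router-side defences from slides 14 and 24 (drop source-routed packets, and filter on source address in both directions) can be expressed as one decision function. This is an added example, not part of the original slides; the internal prefix `192.0.2.0/24` and the names `parse_ipv4`, `border_filter` and `make_header` are assumptions made for illustration, and the sample headers are constructed.

```python
import ipaddress
import struct

INTERNAL = ipaddress.ip_network("192.0.2.0/24")  # assumed internal prefix (documentation range)
LSRR, SSRR = 131, 137  # IPv4 option types for loose / strict source routing

def parse_ipv4(header: bytes):
    """Return (source address, set of option types) from a raw IPv4 header."""
    ihl = (header[0] & 0x0F) * 4 if header else 0
    if not header or header[0] >> 4 != 4 or not 20 <= ihl <= len(header):
        raise ValueError("not a valid IPv4 header")
    src = ipaddress.ip_address(header[12:16])
    opts, i = set(), 20
    while i < ihl and header[i] != 0:      # 0 = End of Option List
        kind = header[i]
        if kind == 1:                      # 1 = No-Operation, a single byte
            i += 1
            continue
        if i + 1 >= ihl or header[i + 1] < 2 or i + header[i + 1] > ihl:
            raise ValueError("malformed option")
        opts.add(kind)
        i += header[i + 1]
    return src, opts

def border_filter(header: bytes, direction: str) -> str:
    """Decide on a packet seen at the border; direction is 'in' or 'out'."""
    try:
        src, opts = parse_ipv4(header)
    except ValueError:
        return "drop: malformed"
    if opts & {LSRR, SSRR}:
        return "drop: source routing"
    inside = src in INTERNAL
    if direction == "in" and inside:
        return "drop: internal source arriving from outside"
    if direction == "out" and not inside:
        return "drop: external source leaving the network"
    return "accept"

def make_header(src: str, dst: str, options: bytes = b"") -> bytes:
    """Build a constructed sample header for the demo (checksum left at zero)."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, 6, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + options

if __name__ == "__main__":
    lsrr = bytes([LSRR, 7, 4]) + ipaddress.ip_address("203.0.113.9").packed
    print(border_filter(make_header("198.51.100.7", "192.0.2.10", lsrr), "in"))
```

The source-routing check runs before the address check, so a packet carrying LSR or SSR is dropped even when its source address would otherwise pass the filter.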