IP SPOOFING
Published in: Technology
  • 1. IP SPOOFING Attacks & Defences By PRASAD R RAO
  • 2. Outline
    • Introduction
    • IP Spoofing attacks
    • IP Spoofing defences
    • Conclusion
  • 3.
    • Introduction
  • 4. Types of spoofing
    • IP spoofing: Attacker uses IP address of another computer to acquire information or gain access.
    • Email spoofing: Attacker sends email but makes it appear to come from someone else.
    • Web spoofing: Attacker tricks web browser into communicating with a different web server than the user intended.
  • 5. IP Spoofing
    • IP spoofing is the creation of TCP/IP packets with somebody else’s IP address in the header.
    • Routers use the destination IP address to forward packets, but ignore the source IP address.
    • The source IP address is used only by the destination machine, when it responds back to the source.
    • When an attacker spoofs someone’s IP address, the victim’s reply goes back to that address.
  • 6.
    • Since the attacker does not receive packets back, this is called a one-way attack or blind spoofing.
    • To see the return packets, the attacker must intercept them.
  • 7. IP Spoofing Attacks
    • Blind IP Spoofing
    • Man in the middle attack
    • Source routing
    • ICMP attacks
    • UDP attacks
    • TCP attacks
  • 8. Blind IP Spoofing
    • Usually the attacker does not have access to the reply and abuses a trust relationship between hosts.
    • For example: Host C sends an IP datagram to Host B with the address of some other host (Host A) as the source address. The attacked host (B) replies to the legitimate host (A).
  • 9. Blind IP spoofing
  • 10. Man in the middle attack
    • If an attacker controls a gateway that is in the delivery route, he can:
    • Sniff the traffic
    • Intercept the traffic
    • Modify traffic
    • This is not easy on the Internet because of hop-by-hop routing, unless source routing is used.
  • 11.  
  • 12. Source routing
    • Source routing is one of the IP options that allows the specification of an IP address that should be on the route for the packet delivery.
    • This allows someone to use a spoofed return address, and still see the traffic by placing his machine in the path.
  • 13.
    • Types of source routing:
    • Loose source routing (LSR): The sender specifies a list of some IP addresses that a packet must go through (it might go through more).
    • Strict source routing (SSR): The sender specifies the exact path a packet must take (if it is not possible the packet is dropped).
  • 14.
    • An attacker sends a packet to the destination with a spoofed address but specifies LSR and puts his IP address in the list.
    • An attacker could use source routing to learn more about a network that he or she is targeting for attack.
    • The best way to protect against source routing spoofing is to simply disable source routing at your routers.
  • 15. ICMP Echo Attacks
    • Map the hosts of a network: The attacker sends ICMP echo datagrams to all the hosts in a subnet, then collects the replies and determines which hosts are alive.
    • Denial of service attack (SMURF attack): The attacker sends spoofed ICMP Echo Requests (with the victim’s IP address) to subnets; the victim will get ICMP Echo Replies from every machine.
  • 16.  
  • 17. ICMP Redirect attacks
    • ICMP redirect messages can be used to re-route traffic on specific routes or to a specific host that is not a router at all.
    • The ICMP redirect attack is very simple: just send a spoofed ICMP redirect message that appears to come from the host’s default gateway.
  • 18.  
  • 19. After ICMP redirect attack
  • 20. UDP attacks
    • UDP is a connectionless protocol. There is no error checking or guaranteed delivery. UDP packets are very simple and are mainly used for low overhead protocols.
    • TCP is connection oriented and the TCP connection setup sequence number is hard to predict.
    • UDP traffic is more vulnerable to IP spoofing than TCP.
  • 21.  
  • 22. TCP Attacks
    • The attack aims at impersonating another host, mostly during the TCP connection establishment phase.
    • To spoof a TCP connection, the hacker needs to know which algorithm the server uses to generate its initial sequence number.
    • The hacker needs this to supply the correct number in its final ACK message confirming the connection and in all subsequent data packets.
  • 23.  
  • 24. IP Spoofing defences
    • Don’t rely on IP-based authentication.
    • Use router filters to prevent packets from entering your network if they have a source address from inside it.
    • Use router filters to prevent packets from leaving your network if they have a source address from outside it.
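
The two router filter rules above, written out as a border-router decision and run over a few packets. This is an added example, not part of the original slides; the internal prefixes, the function names and the sample packets are constructed for illustration.

```python
import ipaddress

# Assumed internal prefixes for this example (not from the slides).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.0.2.0/24")]

def is_internal(addr: str) -> bool:
    """True if addr falls inside any prefix the network owns."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def border_verdict(direction: str, src: str) -> str:
    """direction: 'in' = arriving from outside, 'out' = leaving the network."""
    inside = is_internal(src)
    if direction == "in":
        # Ingress rule: a packet from outside must not claim an inside source.
        return "drop: inside source arriving from outside" if inside else "accept"
    if direction == "out":
        # Egress rule: a packet leaving must carry one of our own sources.
        return "accept" if inside else "drop: outside source leaving network"
    raise ValueError(f"unknown direction: {direction!r}")

# Constructed sample traffic: (direction, claimed source address).
SAMPLE_PACKETS = [
    ("in", "198.51.100.7"),   # ordinary external client
    ("in", "10.20.3.4"),      # external packet claiming an internal address
    ("out", "192.0.2.55"),    # ordinary internal host
    ("out", "203.0.113.9"),   # internal host emitting a foreign source address
]

def evaluate(packets):
    """Return (direction, source, verdict) for each packet."""
    return [(d, s, border_verdict(d, s)) for d, s in packets]

if __name__ == "__main__":
    for direction, src, verdict in evaluate(SAMPLE_PACKETS):
        print(f"{direction:>3} {src:<15} {verdict}")
```
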
  • 25.
    • Use random initial sequence numbers. This prevents sequence number (SN) prediction.
    • IP spoofing is less of a threat today due to the use of random sequence numbering.
    • Many security experts are predicting a shift from IP spoofing attacks to application-related spoofing.
    • Sendmail is one example, that when not properly configured allows anyone to send mail as
  • 27.
    • Thanks!