IP SPOOFING

Published in: Technology
Transcript

  • 1. IP SPOOFING Attacks & Defences By PRASAD R RAO
  • 2. Outline
      • Introduction
      • IP Spoofing attacks
      • IP Spoofing defences
      • Conclusion
  • 3. Introduction
  • 4. Types of spoofing
      • IP spoofing: The attacker uses the IP address of another computer to acquire information or gain access.
      • Email spoofing: The attacker sends email but makes it appear to come from someone else.
      • Web spoofing: The attacker tricks the web browser into communicating with a different web server than the user intended.
  • 5. IP Spoofing
      • IP spoofing is the creation of TCP/IP packets with somebody else's IP address in the header.
      • Routers use the destination IP address to forward packets, but ignore the source IP address.
      • The source IP address is used only by the destination machine, when it responds back to the source.
      • When an attacker spoofs someone's IP address, the victim's reply goes back to that address.
  • 6.
      • Since the attacker does not receive packets back, this is called a one-way attack or blind spoofing.
      • To see the return packets, the attacker must intercept them.
  • 7. IP Spoofing Attacks
      • Blind IP Spoofing
      • Man in the middle attack
      • Source routing
      • ICMP attacks
      • UDP attacks
      • TCP attacks
  • 8. Blind IP Spoofing
      • Usually the attacker does not have access to the reply and abuses a trust relationship between hosts.
      • For example: Host C sends an IP datagram to Host B with the address of some other host (Host A) as the source address. The attacked host (B) replies to the legitimate host (A).
  • 9. Blind IP spoofing
  • 10. Man in the middle attack
      • If an attacker controls a gateway that is in the delivery route, he can:
          • Sniff the traffic
          • Intercept the traffic
          • Modify the traffic
      • This is not easy on the Internet because of hop-by-hop routing, unless source routing is used.
  • 12. Source routing
      • Source routing is one of the IP options; it allows the specification of an IP address that should be on the route for the packet delivery.
      • This allows someone to use a spoofed return address and still see the traffic by placing his machine in the path.
  • 13. Types of source routing:
      • Loose source routing (LSR): The sender specifies a list of some IP addresses that a packet must go through (it might go through more).
      • Strict source routing (SSR): The sender specifies the exact path a packet must take (if that is not possible, the packet is dropped).
  • 14.
      • An attacker sends a packet to the destination with a spoofed address but specifies LSR and puts his IP address in the list.
      • An attacker could use source routing to learn more about a network that he or she is targeting for attack.
      • The best way to protect against source routing spoofing is to simply disable source routing at your routers.
  • 15. ICMP Echo Attacks
      • Map the hosts of a network: The attacker sends ICMP echo datagrams to all the hosts in a subnet, then collects the replies and determines which hosts are alive.
      • Denial of service attack (SMURF attack): The attacker sends spoofed ICMP Echo Requests (carrying the victim's IP address) to subnets; the victim will get ICMP Echo Replies from every machine.
  • 17. ICMP Redirect attacks
      • ICMP redirect messages can be used to re-route traffic on specific routes or to a specific host that is not a router at all.
      • The ICMP redirect attack is very simple: just send a spoofed ICMP redirect message that appears to come from the host's default gateway.
  • 19. After ICMP redirect attack
  • 20. UDP attacks
      • UDP is a connectionless protocol. There is no error checking or guaranteed delivery. UDP packets are very simple and are mainly used for low-overhead protocols.
      • TCP is connection-oriented, and the TCP connection setup sequence number is hard to predict.
      • UDP traffic is more vulnerable to IP spoofing than TCP.
  • 22. TCP Attacks
      • The attack aims at impersonating another host, mostly during the TCP connection establishment phase.
      • To spoof a TCP connection, the hacker needs to know which algorithm the server uses to generate its initial sequence number.
      • The hacker needs this to supply the correct number in the final ACK message confirming the connection and in all subsequent data packets.
  • 24. IP Spoofing defences
      • Don't rely on IP-based authentication.
      • Use router filters to prevent packets from entering your network if they have a source address from inside it.
      • Use router filters to prevent packets from leaving your network if they have a source address from outside it.
  • 25.
      • Use random initial sequence numbers. This prevents sequence number (SN) prediction.
  • 26. CONCLUSION
      • IP spoofing is less of a threat today due to the use of random sequence numbering.
      • Many security experts are predicting a shift from IP spoofing attacks to application-related spoofing.
      • Sendmail is one example: when not properly configured, it allows anyone to send mail as president@whitehouse.gov.
  • 27. Thanks!
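
The router-side defences from slides 14 and 24 (drop source-routed packets, drop inside source addresses arriving from outside, drop outside source addresses leaving) can be expressed as a filter decision over a raw IPv4 header. This is an added example, not part of the original presentation; the `INTERNAL` prefix, the function names and the sample headers are assumptions made for illustration, and the egress rule assumes the network carries no transit traffic.

```python
import ipaddress
import struct

INTERNAL = ipaddress.ip_network("192.0.2.0/24")  # assumed inside prefix
LSRR, SSRR = 0x83, 0x89  # IPv4 option types: loose / strict source route

def parse_ipv4(pkt: bytes):
    """Return (source address, set of option types) from a raw IPv4 header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad header length")
    opts, i = set(), 20
    while i < ihl and pkt[i] != 0:      # 0 = End of Option List
        if pkt[i] == 1:                 # 1 = No-Operation, a single byte
            i += 1
            continue
        if i + 1 >= ihl or pkt[i + 1] < 2 or i + pkt[i + 1] > ihl:
            raise ValueError("malformed option")
        opts.add(pkt[i])
        i += pkt[i + 1]
    return ipaddress.ip_address(pkt[12:16]), opts

def verdict(pkt: bytes, arrived_on: str) -> str:
    """arrived_on: 'outside' (Internet-facing port) or 'inside' (LAN port)."""
    try:
        src, opts = parse_ipv4(pkt)
    except ValueError as exc:
        return f"drop: {exc}"
    if opts & {LSRR, SSRR}:
        return "drop: source-routed"
    if arrived_on == "outside" and src in INTERNAL:
        return "drop: inside source arriving from outside"
    if arrived_on == "inside" and src not in INTERNAL:
        return "drop: outside source leaving the network"
    return "accept"

def header(src: str, dst: str, options: bytes = b"") -> bytes:
    """Constructed sample IPv4 header (checksum left at 0, never sent)."""
    options += b"\x00" * (-len(options) % 4)   # pad options to 32-bit words
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4, 0, 0, 64, 17, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + options

if __name__ == "__main__":
    lsrr = bytes([LSRR, 7, 4]) + ipaddress.ip_address("203.0.113.9").packed
    print(verdict(header("192.0.2.10", "192.0.2.20"), "outside"))
    print(verdict(header("198.51.100.7", "192.0.2.20", lsrr), "outside"))
```

Malformed or truncated headers are dropped rather than passed, so a packet cannot slip a source-route option past the filter by corrupting the option length.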
