IP SPOOFING







    IP SPOOFING Presentation Transcript

    • IP SPOOFING Attacks & Defences By PRASAD R RAO
    • Outline
      • Introduction
      • IP Spoofing attacks
      • IP Spoofing defences
      • Conclusion
      • Introduction
    • Types of spoofing
      • IP spoofing: Attacker uses the IP address of another computer to acquire information or gain access.
      • Email spoofing: Attacker sends email but makes it appear to come from someone else.
      • Web spoofing: Attacker tricks the web browser into communicating with a different web server than the user intended.
    • IP Spoofing
      • IP spoofing is the creation of TCP/IP packets with somebody else’s IP address in the header.
      • Routers use the destination IP address to forward packets, but ignore the source IP address.
      • The source IP address is used only by the destination machine, when it responds back to the source.
      • When an attacker spoofs someone’s IP address, the victim’s reply goes back to that address.
      • Since the attacker does not receive packets back, this is called a one-way attack or blind spoofing.
      • To see the return packets, the attacker must intercept them.
    • IP Spoofing Attacks
      • Blind IP Spoofing
      • Man in the middle attack
      • Source routing
      • ICMP attacks
      • UDP attacks
      • TCP attacks
    • Blind IP Spoofing
      • Usually the attacker does not have access to the reply and instead abuses a trust relationship between hosts.
      • For example: Host C sends an IP datagram with the address of some other host (Host A) as the source address to Host B. Attacked host (B) replies to the legitimate host (A).
    • Blind IP spoofing
    • Man in the middle attack
      • If an attacker controls a gateway that is in the delivery route, he can:
      • Sniff the traffic
      • Intercept the traffic
      • Modify the traffic
      • This is not easy on the Internet because of hop-by-hop routing, unless source routing is used.
    • Source routing
      • Source routing is one of the IP options that allows the specification of an IP address that should be on the route for the packet delivery.
      • This allows someone to use a spoofed return address and still see the traffic by placing his machine in the path.
      • Types of source routing:
      • Loose source routing (LSR): The sender specifies a list of some IP addresses that a packet must go through (it might go through more).
      • Strict source routing (SSR): The sender specifies the exact path a packet must take (if that is not possible, the packet is dropped).
      • An attacker sends a packet to the destination with a spoofed address but specifies LSR and puts his IP address in the list.
      • An attacker could use source routing to learn more about a network that he or she is targeting for attack.
      • The best way to protect against source routing spoofing is to simply disable source routing at your routers.
    • ICMP Echo Attacks
      • Map the hosts of a network: The attacker sends ICMP echo datagrams to all the hosts in a subnet, then collects the replies and determines which hosts are alive.
      • Denial of service attack (SMURF attack): The attacker sends spoofed ICMP Echo Requests (carrying the victim's IP address as the source) to subnets, and the victim gets ICMP Echo Replies from every machine.
    • ICMP Redirect attacks
      • ICMP redirect messages can be used to re-route traffic on specific routes or to a specific host that is not a router at all.
      • The ICMP redirect attack is very simple: just send a spoofed ICMP redirect message that appears to come from the host's default gateway.
    • After ICMP redirect attack
    • UDP attacks
      • UDP is a connectionless protocol. There is no error checking or guaranteed delivery. UDP packets are very simple and are mainly used for low-overhead protocols.
      • TCP is connection-oriented, and the sequence number used in TCP connection setup is hard to predict.
      • UDP traffic is more vulnerable to IP spoofing than TCP.
    • TCP Attacks
      • The attack aims at impersonating another host, mostly during the TCP connection establishment phase.
      • To spoof a TCP connection, the hacker needs to know which algorithm the server uses to generate its initial sequence number.
      • The hacker needs this to supply the correct number in the final ACK message confirming the connection and in all subsequent data packets.
    • IP Spoofing defences
      • Don’t rely on IP-based authentication.
      • Use router filters to prevent packets from entering your network if they have a source address from inside it.
      • Use router filters to prevent packets from leaving your network if they have a source address from outside it.
      • Use random initial sequence numbers; this prevents sequence number (SN) prediction.
      • IP spoofing is less of a threat today due to the use of random sequence numbering.
      • Many security experts are predicting a shift from IP spoofing attacks to application-related spoofing.
      • Sendmail is one example: when not properly configured, it allows anyone to send mail as president@whitehouse.gov.
      • Thanks!
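The two router filter rules from the defences slide, as an added example that is not part of the original slides. The interface names `ext0`/`int0`, the internal prefixes (documentation address ranges) and the sample traffic are assumptions constructed for illustration; membership is tested against prefixes, so an address just outside the /25 is treated as foreign.

```python
import ipaddress

# Assumed for this example: the site's own prefixes and interface names
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("198.51.100.0/25")]
EXTERNAL_IF, INTERNAL_IF = "ext0", "int0"

def is_internal(addr: str) -> bool:
    """True if addr falls inside one of the site's prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def verdict(in_iface: str, src: str) -> str:
    """Decide on a packet from its arrival interface and source address."""
    if in_iface not in (EXTERNAL_IF, INTERNAL_IF):
        raise ValueError(f"unknown interface {in_iface!r}")
    if in_iface == EXTERNAL_IF and is_internal(src):
        return "drop-ingress"   # claims to be one of ours but arrived from outside
    if in_iface == INTERNAL_IF and not is_internal(src):
        return "drop-egress"    # leaving our network with a source that is not ours
    return "forward"

# Constructed sample traffic: (arrival interface, source, destination)
SAMPLE = [
    ("ext0", "203.0.113.9", "192.0.2.10"),       # ordinary inbound
    ("ext0", "192.0.2.77", "192.0.2.10"),        # inside source seen outside
    ("int0", "192.0.2.10", "203.0.113.9"),       # ordinary outbound
    ("int0", "203.0.113.50", "203.0.113.9"),     # foreign source leaving
    ("int0", "198.51.100.200", "203.0.113.9"),   # just outside the /25
]

def run(sample=SAMPLE):
    """Return the verdict for each sample packet, in order."""
    return [verdict(iface, src) for iface, src, _dst in sample]
```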
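One way to generate the random initial sequence numbers the slides recommend, as an added example (not from the original slides): the RFC 6528 construction ISN = M + F(connection 4-tuple, secret), where M is a 4-microsecond timer. The class and method names are hypothetical, and HMAC-SHA256 is this example's choice for F.

```python
import hashlib
import hmac
import os
import socket
import struct

class IsnGenerator:
    """ISN = M + F(local ip, local port, remote ip, remote port, secret)."""

    def __init__(self, secret: bytes = b""):
        # The secret is drawn once (e.g. at boot) and never leaves the host.
        self.secret = secret or os.urandom(32)

    def offset(self, local_ip, local_port, remote_ip, remote_port) -> int:
        """F: keyed hash of the connection 4-tuple, truncated to 32 bits."""
        four_tuple = (socket.inet_aton(local_ip) + struct.pack("!H", local_port)
                      + socket.inet_aton(remote_ip) + struct.pack("!H", remote_port))
        digest = hmac.new(self.secret, four_tuple, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def isn(self, local_ip, local_port, remote_ip, remote_port, now_us: int) -> int:
        """M ticks every 4 microseconds; the sum wraps at 2**32."""
        m = (now_us // 4) & 0xFFFFFFFF
        f = self.offset(local_ip, local_port, remote_ip, remote_port)
        return (m + f) & 0xFFFFFFFF
```

Within one connection 4-tuple the ISN still advances with the clock, but the per-tuple offset depends on a secret, so the ISN one client observes says nothing useful about the ISN handed to another.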