• Like
I P  S P O O F I N G
Upcoming SlideShare
Loading in...5
×
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
4,658
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
367
Comments
0
Likes
2

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. IP SPOOFING Attacks & Defences By PRASAD R RAO
  • 2. Outline
    • Introduction
    • IP Spoofing attacks
    • IP Spoofing defences
    • Conclusion
  • 3.
    • Introduction
  • 4. Types of spoofing
    • IP spoofing : Attacker uses IP address of another computer to acquire information or gain access.
    • Email spoofing : Attacker sends email but makes it appear to come from someone else
    • Web spoofing : Attacker tricks web browser into communicating with a different web server than the user intended.
  • 5. IP Spoofing
    • IP spoofing is the creation of tcp/ip packets with somebody else’s IP address in the header.
    • Routers use the destination IP address to forward packets, but ignore the source IP address.
    • The source IP address is used only by the destination machine, when it responds back to the source.
    • When an attacker spoofs someone’s IP address, the
    • victim’s reply goes back to that address.
  • 6.
    • Since the attacker does not receive packets back, this is called a one-way attack or blind spoofing .
    • To see the return packets, the attacker must intercept them.
  • 7. IP Spoofing Attacks
    • Blind IP Spoofing
    • Man in the middle attack
    • Source routing
    • ICMP attacks
    • UDP attacks
    • TCP attacks
  • 8. Blind IP Spoofing
    • Usually the attacker does not have access to the reply, abuse trust relationship between hosts.
    • For example: Host C sends an IP datagram with the address of some other host (Host A) as the source address to Host B. Attacked host (B) replies to the legitimate host (A).
  • 9. Blind IP spoofing
  • 10. Man in the middle attack
    • If an attacker controls a gateway that is in the delivery route, he can
    • Sniff the traffic
    • Intercept the traffic
    • Modify traffic
    • This is not easy in the internet because of hop by hop routing, unless source routing is used.
  • 11.  
  • 12. Source routing
    • Source routing is one of the IP options that allows the specification of an IP address that should be on the route for the packet delivery.
    • This allows someone to use a spoofed return address, and still see the traffic by placing his machine in the path .
  • 13.
    • Types of source routing:
    • Loose source routing ( LSR ): The sender specifies a list of some IP addresses that a packet must go through (it might go through more)
    • Strict source routing ( SSR ): The sender specifies the exact path a packet must take (if it is not possible the packet is dropped)
  • 14.
    • An attacker sends a packet to the destination with a spoofed address but specifies LSR and puts his IP address in the list.
    • An attacker could use source routing to learn more about a network that he or she is targeting for attack
    • The best way to protect against source
    • routing spoofing is to simply disable source routing at your routers.
  • 15. ICMP Echo Attacks
    • Map the hosts of a network :The attack sends ICMP echo datagram to all the hosts in a subnet, then he collects the replies and determines which hosts are alive .
    • Denial of service attack (SMURF attack) :The attack sends spoofed (with victim‘s IP address) ICMP Echo Requests to subnets, the victim will get ICMP Echo Replies from every machine.
  • 16.  
  • 17. ICMP Redirect attacks
    • ICMP redirect messages can be used to re-route traffic on specific routes or to a specific host that is not a router at all.
    • The ICMP redirect attack is very simple: just send a spoofed ICMP redirect message that appears to come from the host‘s default gateway.
  • 18.  
  • 19. After ICMP redirect attack
  • 20. UDP attacks
    • UDP is a connectionless protocol .There is no error checking or guaranteed delivery. UDP packets are very simple and are mainly used for low overhead protocols.
    • TCP is connection oriented and the TCP connection setup sequence number is hard to predicated .
    • UDP traffic is more vulnerable for IP spoofing than TCP.
  • 21.  
  • 22. TCP Attacks
    • The attack aims at impersonating another host mostly during the TCP connection establishment phase .
    • To spoof a TCP connection hacker needs to know via which algorithm the server generates its initial sequence
    • The hacker needs this to supply the correct number in its final ACK message confirming the connection and in all subsequent data packets .
  • 23.  
  • 24. IP Spoofing defences
    • Don’t rely on IP-based authentication.
    • Use router filters to prevent packets from
    • entering your network if they have a source
    • address from inside it.
    • Use router filters to prevent packets from leaving
    • your network if they have a source address from
    • outside it.
  • 25.
    • Use random initial sequence numbers. Prevents SN prediction .
  • 26. CONCLUSION
    • IP spoofing is less of a threat today due to the use of random sequence numbering.
    • Many security experts are predicting a shift from IP spoofing attacks to application-related spoofing.
    • Sendmail is one example, that when not properly configured allows anyone to send mail as president@whitehouse.gov.
  • 27.
    • Thanks!