Your SlideShare is downloading. ×
Himanshupptx
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Himanshupptx

218
views

Published on

do not consider packet retransmission diagram its wrong...so edit it...:) …

do not consider packet retransmission diagram its wrong...so edit it...:)
DO MAKE CORRECTION IN DIAGRAMS I HAVE DONE THIS FOR SIMPLICITY ...:)

Published in: Education

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
218
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
18
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. IP-SPOOFING By- Himanshu Chaurishiya
  • 2. WHAT IS IP-SPOOFING ??? IP -> Internet Protocol.. Spoofing -> Hiding.. It is a trick played on servers to fool the targetcomputers into thinking that it is receiving data fromsource other than the trusted host. This Attack is actually a Trust-RelationshipExploitation.
  • 3. REAL LIFE EXAMPLE TO B is on lineEXPLAIN WHAT ISIP SPOOFING. A disguising his voice,making it sound more like that of B C A BIf we now,replace the 3 people by computers and changethe term “voice” with “IP-Address” then you would knowwhat we mean by IP-SPOOFING…
  • 4. IP Packet Header
  • 5. TCP Packet Header
  • 6. THE 3-WAY HANDSHAKE .. SYN SYN,ACK ACKCLIENT HOST
  • 7. IPSPOOFING
  • 8. IPSPOOFING
  • 9. THE K ATTAC1. Non-blind spoofing :This attack takes place when the attacker is on thesame subnet as the target that could see sequence andacknowledgement of packets. SYN S R SYN,ACK ACK A
  • 10. 2. Blind spoofingThis attack may take place from outside where sequenceand acknowledgement numbers are unreachable. Attackersusually send several packets to the target machine inorder to figure out sequence numbers, which is easy to doin older days. Since most OSs implement random sequencenumber generation today, it becomes more difficult topredict the sequence number accurately. If, however, thesequence number was compromised, data could be sent tothe target.
  • 11. 3. Denial of Service Attack : IP spoofing is almost always used in denial of service attacks (DoS), in which attackers are concerned with consuming bandwidth & resources by flooding the target with as many packets as possible in a short amount of time.
  • 12. 4.Man in the Middle AttackThis is also called connection hijacking. In this attacks, amalicious party intercepts a legitimate communicationbetween two hosts to controls the flow of communicationand to eliminate or alter the information sent by one of theoriginal participants without their knowledge. S A R
  • 13. WHY IP SPOOFING IS EASY ?• Problem with the Routers.• Routers look at Destination addresses only.• Authentication based on Source addresses only.• To change source address field in IP header field is easy.
  • 14. IO N E CTDET Routing Methods • Ingress filtering • Egress filtering Non-Routing Methods • IP Identification Number • Flow Control • Packet Retransmission •Traceroute
  • 15. Routing MethodRouters know IP addresses originate with whichnetwork interface. If the router receives IPPackets with external IP addresses on an internalinterface or vice versa its likely to be spoofed.Filtering:•Ingress filtering(inbound packets)-protectorg.from outside attacks.•Egress filtering(outbound packets)-preventinternal computers from being involved in SpoofingAttack
  • 16. Non-RoutingActive- verify that the packet was sent fromclaimed source, Method validate case.Passive- no such action, indicate packet wasspoofed.
  • 17. Identification Number(ID) Detect IP Spoofed Packet,when attacker is on same Subnet as Target. R S Detection as follows: Sen d Pa c k et •ID value should be near the Questionable packets. •ID value must be greaterID than the ID value invalues Questionable Packet. •If its Spoofed there value change rapidly.
  • 18. Flow ControlS R • If the Packets = Spoofed,then Sender =no recipient’s ACK Packets,will not respond to flow AC control. K •If the Recipient’s =no ACK ACK Packets,Sender Should Stop After the initial window size is exhausted. W.s. =(exc I eed)
  • 19. Contd.. S R ACK Another Way to Detect IP Spoofing. w=0 •We set W=0 ,in order to know ,ACK Sender is receiving or not. SYN •If W=0,and we get ACK with ACK some Data ,it means it’s likely to be Spoofed.
  • 20. Packet RetransmissionS R ACK TCP uses sequence number to determine which Packets have been ReSYN ACK. Method to Detect: •When Packet Receive with an ACK- number less then min expected,or greater than max expected,the ACK Packet Drops and as a way to resyn. The connection,send a reply with min expected Ack-number is sent. RST •After receiving ACK successfully next time sent RST in reply ,its spoofed.
  • 21. Contd.. FIREWALL Capture reply, and Prevent the internal host from seeing the reply ,and will Prevent an ACK-Storm .
  • 22. Traceroute Traceroute tells number of hops to the true source. Detection is as follows •If the Firewall blocks UDP packets it will count the Hops to the firewall. •If the packet is spoofed the number of Hops increase. (monitored site more hops away than true ).
  • 23. Backdoor
  • 24. t iv e ve n e s Pre sur M ea1.Packet Filtering2.Firewall3.Disable commands like Ping.4.Encryption
  • 25. Should arriving packet be allowed in? Departing packet let out?internal network connected to InternetRouter filter packets-by-packets, decision toforward/drop packets based on: --Source IP address, destination IP address. --TCP SYN and ACK bits.
  • 26. Oh sure, Don’tOur network worry. We have is secure, several right? firewalls
  • 27. CONCLUSIONIP-Spoofing is an exploitation of trust-basedrelationship and can be curbed effectively ifproper measures are used. Understandinghow and why spoofing attacks are used,combined with a few simple preventionmethods, can help protect networks fromthese malicious cloaking and crackingtechniques.
  • 28. AnyQueries?
  • 29. THANK YOU !