    Presentation1 Presentation Transcript

    • Presentation
      IP Spoofing
    • Spoofing
      A situation in which one person or program successfully inserts false or misleading information in e-mail or Netnews headers. Also known as header forgery.
    • Overview
      • TCP/IP in brief
      • IP spoofing
        • Basic overview
        • IP spoofing: how it works
        • Examples of spoofing attacks
          • Mitnick attack
          • Session hijack
          • DoS attack
      • Defending against the threat
      • Conclusion
    • TCP/IP
      • In general use, the term describes the architecture upon which the Interweb is built.
      • TCP and IP are specific protocols within that architecture.
    • TCP/IP
    • IP
      • IP is the internet layer protocol.
      • Does not guarantee delivery or ordering; it only does its best to move packets from a source address to a destination address.
      • IP addresses are used to express the source and destination.
      • IP assumes that each address is unique within the network.
    • TCP
      • TCP is the transport layer protocol.
      • It guarantees delivery and ordering, but relies upon IP to move packets to the proper destination.
      • Port numbers are used to express source and destination.
      • Destination port is assumed to be awaiting packets of data.
    • IP Spoofing
      • Basically, IP spoofing is lying about an IP address.
      • Normally, the source address is incorrect.
      • Lying about the source lets an attacker assume a new identity.
      • Because the source address is not the same as the attacker’s address, any replies generated by the destination will not be sent to the attacker.
    • IP Spoofing
      • Blind and non-blind spoofing.
      • The attacker must have an alternate way to spy on traffic or predict the response.
      • To maintain a connection, the attacker must adhere to protocol requirements.
    • IP Spoofing-how it works!!
      • IP spoofing is used to take control of a session.
      • The attacker is normally within a LAN or on the communication path between server and client.
      • Not blind, since the attacker can see traffic from both server and client.
    • Example of spoofing attacks
      • Mitnick Attack
      • Session Hijack
      • DoS Attack
    • Mitnick attack
      • Merry X-mas! Mitnick hacks a diskless workstation on December 25, 1994
      • The victim: Tsutomu Shimomura
      • The attack: IP spoofing and abuse of the trust relationship between a diskless terminal and a login server.
    • Why Mitnick attack worked
      • Mitnick abused the trust relationship between the server and workstation
      • He flooded the server to prevent communication between it and the workstation
      • Used math skillz to determine the TCP sequence number algorithm (i.e. add 128000)
      • This allowed Mitnick to open a connection without seeing the workstation's outgoing sequence numbers and without the server interrupting his attack
    • DoS Attack
      • A denial of service (DoS) attack is aimed at preventing clients from accessing a service.
      • IP spoofing can be used to create DoS attacks.
    • DoS Attack
      • The attacker sends a large number of requests from various IP addresses to fill the service's queue.
      • With the service's queue filled, legitimate users cannot use the service.
      • DoS becomes more dangerous if spread to multiple computers.
    • IP Spoofing-Defending
      • IP spoofing can be defended against in a number of ways:
      • As mentioned, other layers in the architecture model may reveal spoofing.
      • TCP sequence numbers are often used in this manner
      • Makes it difficult to guess the proper sequence number if the attacker is blind
      • Filtering
      • “Smart” routers can detect IP addresses that are outside their domain, i.e. egress filtering
      • “Smart” servers block IP ranges that appear to be conducting a DoS, i.e. ingress filtering
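The source-address check behind the filtering bullets above, as an added example that is not part of the original slides: packets leaving the network must carry an inside source, and packets arriving from outside must not. The prefixes, sample packets and function names are constructed for illustration, and only IPv4 prefixes are listed.

```python
import ipaddress

# Assumed inside prefixes (RFC 5737 documentation ranges, constructed for this example).
INSIDE = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/25")]
# Sources that should never arrive from the outside (short, non-exhaustive list).
NEVER_FROM_OUTSIDE = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]

def _in_any(ip, nets):
    return any(ip in net for net in nets)

def check_source(direction, src):
    """Verdict for one packet at the border router.
    direction "out" = leaving our network, "in" = arriving from outside."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "malformed source")
    if direction == "out":
        if _in_any(ip, INSIDE):
            return ("pass", "source is inside our domain")
        return ("drop", "egress: source is outside our domain")
    if direction == "in":
        if _in_any(ip, INSIDE):
            return ("drop", "inbound packet claims an inside source")
        if _in_any(ip, NEVER_FROM_OUTSIDE):
            return ("drop", "inbound packet has a non-routable source")
        return ("pass", "source is plausible for outside traffic")
    return ("drop", "unknown direction")

# Constructed sample traffic: (direction, source address).
SAMPLE = [
    ("out", "192.0.2.15"),
    ("out", "203.0.113.9"),
    ("in", "203.0.113.9"),
    ("in", "198.51.100.20"),
    ("in", "10.1.2.3"),
    ("out", "198.51.100.200"),  # outside the /25 we own
]

def dropped(sample=SAMPLE):
    """Return the packets the filter would drop, with the reason."""
    return [(d, s, check_source(d, s)[1]) for d, s in sample
            if check_source(d, s)[0] == "drop"]

if __name__ == "__main__":
    for d, s, why in dropped():
        print(f"{d:3} {s:15} DROP  {why}")
```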
    • IP Spoofing-Defending
      • Encryption And Authentication
      • Authentication is a mechanism whereby the receiver of a transaction or message can be confident of the identity of the sender and the integrity of the message.
      • Use of encryption schemes.
      • Verification of identity of incoming packets.