Published on

Published in: Education
1 Comment
  • free free download this latest version 100% working.
    download link- http://gg.gg/hqcf
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. Web Spoofing <ul><li>By </li></ul><ul><li>Sanjeev </li></ul><ul><li>MBA (IT) </li></ul>
  2. 2. Spoofing <ul><li>is a situation in which one person or program successfully masquerades as another by falsifying information/data and thereby gaining an illegitimate advantage. </li></ul>
  3. 3. Types of Spoofing <ul><li>IP Spoof </li></ul><ul><li>Web Spoof </li></ul><ul><li>E-mail Spoof </li></ul><ul><li>Non Technical Spoof </li></ul>
  4. 4. IP Spoofing <ul><li>The creation of IP packets with a forged source. </li></ul><ul><li>The purpose of it is to conceal the identity of the sender or impersonating another computing system. </li></ul>
  5. 5. Uses of IP Spoofing <ul><li>Denial-of-service attack </li></ul><ul><ul><li>the goal is to flood the victim with overwhelming amounts of traffic. This prevents an internet site or service from functioning efficiently or at all, temporarily or indefinitely. </li></ul></ul>
  6. 6. Uses of IP Spoofing <ul><li>To defeat networks security </li></ul><ul><ul><li>Such as authentication based on IP addresses. </li></ul></ul><ul><ul><li>This type of attack is most effective where trust relationships exist between machines. </li></ul></ul><ul><ul><li>For example, some corporate networks have internal systems trust each other, a user can login without a username or password as long he is connecting from another machine on the internal network. By spoofing a connection from a trusted machine, an attacker may be able to access the target machine without authenticating. </li></ul></ul>
  7. 7. Defense against IP spoofing <ul><li>Packet filtering- one defense against IP spoofing </li></ul><ul><ul><li>Ingress filtering- blocking of packets from outside the network with a source address inside the network </li></ul></ul><ul><ul><li>Egress filtering –blocking outgoing packets from inside the network source address. </li></ul></ul>
  8. 8. Defense against IP spoofing <ul><li>Upper Layers </li></ul><ul><ul><li>Some upper layer protocols provide their own defense against IP spoofing. </li></ul></ul><ul><ul><li>For example, TCP uses sequence numbers negotiated with the remote machine to ensure that the arriving packets are part of an established connection. Since the attacker normally cant see any reply packets, he has to guess the sequence number in order to hijack the connection. </li></ul></ul>
  9. 9. Web Spoofing <ul><li>It’s a security attack that allows an adversary to observe and modify all web pages sent to the victim’s machine and observe all information entered into forms by the victim. </li></ul>
  10. 10. Web Spoofing <ul><li>The attack is initiated when a victim visits a malicious web page, or receives a malicious email message. </li></ul><ul><li>The attack is implemented using JavaScript and Web serves plug-ins. </li></ul>
  11. 11. Dangers of Web Spoofing <ul><li>After your browser has been fooled, the spoofed web server can send you fake web pages or prompt you to provide personal information such as login Id, password, or even credit card or bank account numbers. </li></ul>
  12. 12. How to prevent it <ul><li>Don’t click links in emails instead always copy and paste, or even better manually type the URL in. </li></ul><ul><li>When entering personal or sensitive information, verify the URL is as you expect, and the site’s SSL certificate matches that URL. </li></ul><ul><li>Understand why you’re providing the information-does it make sense? Does the site need to know your SSN? </li></ul>
  13. 13. Email Spoof <ul><li>E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. </li></ul>
  14. 14. Email Spoof with PHP function mail() <ul><li>The mail() function allows you to send mail. </li></ul><ul><li>bool mail ( string $to , string $subject , string $message [, string $additional_headers [, string $additional_parameters ]] ) </li></ul><ul><li>Example : www.rootspot.com/jose/mail </li></ul>
  15. 15. Email Spoof with telnet <ul><li>Open command prompt and type telnet <RemoteMailServer> 25 </li></ul><ul><li>mail from: your email id @ blah.com </li></ul><ul><li>rcpt to: recipient email id @ blah.com </li></ul>
  16. 16. Email Spoof Protection <ul><li>Double check the email you are replying to, make sure that the letters are what they truly seem. For example, l(lower case L) is not the same as I(upper case i). </li></ul><ul><li>Look at the IP information of the email header. If an email originated from inside your network, the sender should have very similar IP address. </li></ul>
  17. 17. Non-Technical Spoofing <ul><li>These non-computer based techniques are commonly referred to as social engineering. With social engineering, an attacker tries to convince someone that he is someone else. </li></ul><ul><li>This can be as simple as the attacker calling someone on the phone saying that he is a certain person. </li></ul>
  18. 18. Example of Non-Technical Spoofing <ul><li>An attacker calls the help desk to request a new account to be set up. The attacker pretends to be a new employee. </li></ul><ul><li>A “technician” walks into a building saying that he has been called to fix a broken computer. What business does not have a broken computer? </li></ul>
  19. 19. Why does Non-Technical Spoof Works. <ul><li>The main reason is that it exploits attributes of human behavior: trust is good and people love to talk. Most people assume that if someone is nice and pleasant, he must be honest. If an attacker can sound sincere and listen, you would be amazed at what people will tell him. </li></ul>
  20. 20. Non-Technical Spoof Protection <ul><li>Educate your users </li></ul><ul><ul><li>The help desk </li></ul></ul><ul><ul><li>Receptionist </li></ul></ul><ul><ul><li>Administrators </li></ul></ul><ul><li>Have proper policies: </li></ul><ul><ul><li>Password policy </li></ul></ul><ul><ul><li>Security policy </li></ul></ul>
  21. 21. Thank You Questions/Concerns??...