3. A technique used to gain unauthorized access to computers,
whereby the intruder sends messages to a computer with an
IP address indicating that the message is coming from a
trusted host.
[Diagram: hosts A, B and C, with the intruder and the trusted host labelled]
4. Blind Spoofing: Several packets are sent to the target
machine in order to sample sequence numbers.
e.g.
Host C sends an IP datagram with the address of some other
host (Host A) as the source address to Host B. The attacked host
(B) replies to the legitimate host (A).
5. Non-blind Spoofing: used when the attacker is on the
same subnet as the victim.
The attacker sniffs the packets, which makes the sequence
and acknowledgement numbers available.
6. Filtering at the Router border:
The main idea is to check the source IP address and
validate it.
Look for packets with invalid source IP addresses and discard them.
Use cryptographic network protocols:
Transport Layer Security (TLS), Secure Shell (SSH), HTTP Secure
(HTTPS)
Disable Commands:
Prevent attacks by not using address-based authentication.
Disable all the commands.
Empty out the /etc/hosts.equiv file.
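The source-address check described under "Filtering at the Router border", as an added Python example that is not part of the original slides. The prefixes, interface names and sample addresses are constructed assumptions; Host A and Host C are named as in slide 4.

```python
import ipaddress

# Assumption: the network behind the border router (Hosts A and B live here).
INTERNAL_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]

# Sources that are never valid on a packet arriving from outside.
RESERVED_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

def _in_any(addr, networks):
    return any(addr in net for net in networks)

def check_source(src, interface):
    """Validate a packet's source address against the interface it arrived on.

    interface is "external" (from the Internet) or "internal" (from our LAN).
    Returns (verdict, reason), where verdict is "accept" or "drop".
    """
    try:
        addr = ipaddress.IPv4Address(src)
    except ValueError:
        return ("drop", "malformed source address")
    if interface == "external":
        # Ingress: an outside packet must not claim to come from inside.
        if _in_any(addr, INTERNAL_PREFIXES):
            return ("drop", "internal source on external interface")
        if _in_any(addr, RESERVED_PREFIXES):
            return ("drop", "reserved or private source")
        return ("accept", "plausible external source")
    # Egress: our own hosts may only send with addresses we own.
    if _in_any(addr, INTERNAL_PREFIXES):
        return ("accept", "source belongs to our network")
    return ("drop", "foreign source leaving our network")

if __name__ == "__main__":
    # Constructed sample: Host C (outside) sends with Host A's address as source.
    samples = [
        ("192.0.2.10", "external"),    # claims to be Host A, arrives from outside
        ("198.51.100.7", "external"),  # Host C using its own address
        ("192.0.2.20", "internal"),    # Host B sending normally
        ("198.51.100.7", "internal"),  # inside host forging an outside source
    ]
    for src, iface in samples:
        print(src, iface, *check_source(src, iface))
```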
7. A connection-oriented transport layer protocol.
Two important features that we need are the sequence no.
and the acknowledgement no.
Each party numbers the bytes sent with a different
starting byte no.
When data are sent in segments, a sequence no. is
assigned to each segment, which is the no. of the first
byte in the segment.
An acknowledgement number is used to confirm the
bytes a host has received. The acknowledgement is
the number of the next byte expected by the host.
8. Attacker selects a host (target/victim)
Identifies a host that has a trust relation with the target
Trusted host is impersonated (TCP seq. no. copied)
Attacker successfully connects to the server
Attacker executes commands & controls the system
9. Although there is no easy solution for the IP spoofing
problem, we can apply some simple proactive and
reactive methods at the nodes, and use the routers in
the network to help detect a spoofed packet and trace
it back to its originating source.
IP Spoofing is a difficult problem to tackle, because it
is related to the IP packet structure.