SlideShare a Scribd company logo

Ipspoofing

Download as PPT, PDF
Akhil Kumar
Akhil Kumar
TechnologyEducation
1 of 25
IP SPOOFING By Ch. Rakesh Sharma
Overview ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
TCP/IP in 3 minute or less ,[object Object],[object Object]
TCP/IP in 3 minutes or less Application Transport Interweb Network Access Physical TCP IP
TCP/IP in 3 minute or less ,[object Object],[object Object],[object Object],[object Object]
TCP/IP in 3 minutes or less ,[object Object],[object Object],[object Object],[object Object]
IP Spoofing Sometimes on the internet, a girl named Alice is really a man named Yves
IP Spoofing – Overview ,[object Object],[object Object],[object Object]
IP Spoofing – Overview ,[object Object],[object Object],[object Object]
IP Spoofing – Overview ,[object Object],[object Object],[object Object],[object Object]
IP Spoofing – The Reset Victim - Bob Sucker - Alice Attacker - Eve 1. SYN – Let’s have a conversation 2. SYN ACK – Sure, what do you want to talk about? 3. RESET – Umm.. I have no idea why you are talking to me 4. No connection – Guess I need to take Bob out of the picture…
Types of Attacks in IP SPOOFING ,[object Object],[object Object],[object Object],[object Object]
IP Spoofing – Mitnick Attack ,[object Object],[object Object],[object Object]
Mitnick Attack 1. Mitnick Flood’s server’s login port so it can no longer respond 2. Mitnick Probes the Workstation to determine the behaviour of its TCP sequence number generator 3. Mitnick discovers that the TCP sequence number is incremented by 128000 each new connection 4. Mitnick forges a SYN from the server to the terminal 5. Terminals responds with an ACK, which is ignored by the flooded port (and not visible to Mitnick) Server Workstation Kevin Mitnick 6. Mitnick fakes the ACK using the proper TCP sequence number 7. Mitnick has now established a one way communications channel
IP Spoofing - Session Hijack ,[object Object],[object Object],[object Object]
Session Hijack Alice Bob Eve I’m Bob! I’m Alice! 1. Eve assumes a man-in-the-middle position through some mechanism. For example, Eve could use Arp Poisoning, social engineering, router hacking etc... 2. Eve can monitor traffic between Alice and Bob without altering the packets or sequence numbers. 3. At any point, Eve can assume the identity of either Bob or Alice through the Spoofed IP address. This breaks the pseudo connection as Eve will start modifying the sequence numbers
IP Spoofing – DoS/DDoS ,[object Object],[object Object]
DoS Attack Server Attacker Legitimate Users Interweb Fake IPs Service Requests Flood of Requests from Attacker Server queue full, legitimate requests get dropped Service Requests
DoS Attack ,[object Object],[object Object]
DDoS Attack Server (already DoS’d) Attacker Target Servers Interweb 1. Attacker makes large number of SYN connection requests to target servers on behalf of a DoS’d server 2. Servers send SYN ACK to spoofed server, which cannot respond as it is already DoS’d. Queue’s quickly fill, as each connection request will have to go through a process of sending several SYN ACKs before it times out SYN SYN SYN SYN SYN ACK SYN ACK SYN ACK SYN ACK Queue Full
DDoS Attack ,[object Object],[object Object]
IP Spoofing – Defending ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Conclusion ,[object Object],[object Object],[object Object]
 
 

Recommended

I P S P O O F I N G
I P S P O O F I N GI P S P O O F I N G
I P S P O O F I N G
avinashkanchan
 
Ip Spoofing
Ip SpoofingIp Spoofing
Ip Spoofing
arpit.arp
 
ip spoofing
ip spoofingip spoofing
ip spoofing
mohan babu
 
Ip Spoofing
Ip SpoofingIp Spoofing
Ip Spoofing
Roushan Jha
 
Presentation1
Presentation1Presentation1
Presentation1
Rahul Polara
 
Spoofing
SpoofingSpoofing
Spoofing
Greater Noida Institute Of Technology
 
IP Spoofing
IP SpoofingIP Spoofing
IP Spoofing
Akmal Hussain
 
My ppt..priya
My ppt..priyaMy ppt..priya
My ppt..priya
priya_kp03
 

Recommended

I P S P O O F I N G
I P S P O O F I N GI P S P O O F I N G
I P S P O O F I N G
avinashkanchan
 
Ip Spoofing
Ip SpoofingIp Spoofing
Ip Spoofing
arpit.arp
 
ip spoofing
ip spoofingip spoofing
ip spoofing
mohan babu
 
Ip Spoofing
Ip SpoofingIp Spoofing
Ip Spoofing
Roushan Jha
 
Presentation1
Presentation1Presentation1
Presentation1
Rahul Polara
 
Spoofing
SpoofingSpoofing
Spoofing
Greater Noida Institute Of Technology
 
IP Spoofing
IP SpoofingIP Spoofing
IP Spoofing
Akmal Hussain
 
My ppt..priya
My ppt..priyaMy ppt..priya
My ppt..priya
priya_kp03
 
Ip spoofing attacks
Ip spoofing attacksIp spoofing attacks
Ip spoofing attacks
Apijay Kumar
 
Spoofing Techniques
Spoofing TechniquesSpoofing Techniques
Spoofing Techniques
Raza_Abidi
 
Himanshupptx
HimanshupptxHimanshupptx
Himanshupptx
Himanshu Chaurishiya
 
Ip Spoofing
Ip SpoofingIp Spoofing
Ip Spoofing
Dhrumil Shah
 
Ip spoofing ppt
Ip spoofing pptIp spoofing ppt
Ip spoofing ppt
Anushakp9
 
Packet sniffing
Packet sniffingPacket sniffing
Packet sniffing
Shyama Bhuvanendran
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle Attack
Deepak Upadhyay
 
Packet sniffers
Packet sniffersPacket sniffers
Packet sniffers
Kunal Thakur
 
Spoofing attack: Learn about Email spoofing, IP address spoofing and many other
Spoofing attack: Learn about Email spoofing, IP address spoofing and many otherSpoofing attack: Learn about Email spoofing, IP address spoofing and many other
Spoofing attack: Learn about Email spoofing, IP address spoofing and many other
Pankaj Dubey
 
The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering
OWASP Foundation
 
ip spoofing
ip spoofingip spoofing
ip spoofing
vipin soni
 
Packet sniffers
Packet sniffers Packet sniffers
Packet sniffers
Ravi Teja Reddy
 
Spoofing
SpoofingSpoofing
Spoofing
Sanjeev
 
Man in the middle attack (mitm)
Man in the middle attack (mitm)Man in the middle attack (mitm)
Man in the middle attack (mitm)
Hemal Joshi
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS Attacks
Jignesh Patel
 
Iot Security
Iot SecurityIot Security
Iot Security
MAITREYA MISRA
 
Denial of Service Attack
Denial of Service AttackDenial of Service Attack
Denial of Service Attack
Dhrumil Panchal
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
Deepak Pareek
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocols
Online
 
PHISHING PROTECTION
PHISHING PROTECTIONPHISHING PROTECTION
PHISHING PROTECTION
Sylvain Martinez
 
BasepaperControlling IP Spoofing through Interdomain Packet Filters
BasepaperControlling IP Spoofing through Interdomain Packet FiltersBasepaperControlling IP Spoofing through Interdomain Packet Filters
BasepaperControlling IP Spoofing through Interdomain Packet Filters
bhasker nalaveli
 
IP spoofing attacks & defence
IP spoofing attacks & defenceIP spoofing attacks & defence
IP spoofing attacks & defence
visor999
 

More Related Content

What's hot

Ip spoofing attacks
Ip spoofing attacksIp spoofing attacks
Ip spoofing attacks
Apijay Kumar
 
Ip spoofing ppt
Ip spoofing pptIp spoofing ppt
Ip spoofing ppt
Anushakp9
 
Spoofing
SpoofingSpoofing
Spoofing
Sanjeev
 

What's hot (20)

Ip spoofing attacks
Ip spoofing attacksIp spoofing attacks
Ip spoofing attacks
 
Spoofing Techniques
Spoofing TechniquesSpoofing Techniques
Spoofing Techniques
 
Himanshupptx
HimanshupptxHimanshupptx
Himanshupptx
 
Ip Spoofing
Ip SpoofingIp Spoofing
Ip Spoofing
 
Ip spoofing ppt
Ip spoofing pptIp spoofing ppt
Ip spoofing ppt
 
Packet sniffing
Packet sniffingPacket sniffing
Packet sniffing
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle Attack
 
Packet sniffers
Packet sniffersPacket sniffers
Packet sniffers
 
Spoofing attack: Learn about Email spoofing, IP address spoofing and many other
Spoofing attack: Learn about Email spoofing, IP address spoofing and many otherSpoofing attack: Learn about Email spoofing, IP address spoofing and many other
Spoofing attack: Learn about Email spoofing, IP address spoofing and many other
 
The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering
 
ip spoofing
ip spoofingip spoofing
ip spoofing
 
Packet sniffers
Packet sniffers Packet sniffers
Packet sniffers
 
Spoofing
SpoofingSpoofing
Spoofing
 
Man in the middle attack (mitm)
Man in the middle attack (mitm)Man in the middle attack (mitm)
Man in the middle attack (mitm)
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS Attacks
 
Iot Security
Iot SecurityIot Security
Iot Security
 
Denial of Service Attack
Denial of Service AttackDenial of Service Attack
Denial of Service Attack
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocols
 
PHISHING PROTECTION
PHISHING PROTECTIONPHISHING PROTECTION
PHISHING PROTECTION
 

Viewers also liked

BasepaperControlling IP Spoofing through Interdomain Packet Filters
BasepaperControlling IP Spoofing through Interdomain Packet FiltersBasepaperControlling IP Spoofing through Interdomain Packet Filters
BasepaperControlling IP Spoofing through Interdomain Packet Filters
bhasker nalaveli
 
IP spoofing attacks & defence
IP spoofing attacks & defenceIP spoofing attacks & defence
IP spoofing attacks & defence
visor999
 
A Novel IP Traceback Scheme for Spoofing Attack
A Novel IP Traceback Scheme for Spoofing AttackA Novel IP Traceback Scheme for Spoofing Attack
A Novel IP Traceback Scheme for Spoofing Attack
IJAEMSJORNAL
 
Proposed Methods of IP Spoofing Detection & Prevention
Proposed Methods of IP Spoofing Detection & Prevention Proposed Methods of IP Spoofing Detection & Prevention
Proposed Methods of IP Spoofing Detection & Prevention
International Journal of Science and Research (IJSR)
 
Ip spoofing (seminar report)
Ip spoofing (seminar report)Ip spoofing (seminar report)
Ip spoofing (seminar report)
Rahul Polara
 
Best topics for seminar
Best topics for seminarBest topics for seminar
Best topics for seminar
shilpi nagpal
 

Viewers also liked (15)

BasepaperControlling IP Spoofing through Interdomain Packet Filters
BasepaperControlling IP Spoofing through Interdomain Packet FiltersBasepaperControlling IP Spoofing through Interdomain Packet Filters
BasepaperControlling IP Spoofing through Interdomain Packet Filters
 
IP spoofing attacks & defence
IP spoofing attacks & defenceIP spoofing attacks & defence
IP spoofing attacks & defence
 
Spoofing Attacks حملات جعل هویت
Spoofing Attacks حملات جعل هویت Spoofing Attacks حملات جعل هویت
Spoofing Attacks حملات جعل هویت
 
A Novel IP Traceback Scheme for Spoofing Attack
A Novel IP Traceback Scheme for Spoofing AttackA Novel IP Traceback Scheme for Spoofing Attack
A Novel IP Traceback Scheme for Spoofing Attack
 
Kipp Berdiansky on Tcp syn flooding and ip spoofing attacks
Kipp Berdiansky on Tcp syn flooding and ip spoofing attacksKipp Berdiansky on Tcp syn flooding and ip spoofing attacks
Kipp Berdiansky on Tcp syn flooding and ip spoofing attacks
 
Proposed Methods of IP Spoofing Detection & Prevention
Proposed Methods of IP Spoofing Detection & Prevention Proposed Methods of IP Spoofing Detection & Prevention
Proposed Methods of IP Spoofing Detection & Prevention
 
Voice morphing-101113123852-phpapp01
Voice morphing-101113123852-phpapp01Voice morphing-101113123852-phpapp01
Voice morphing-101113123852-phpapp01
 
Ip spoofing (seminar report)
Ip spoofing (seminar report)Ip spoofing (seminar report)
Ip spoofing (seminar report)
 
Nagios Conference 2013 - William Leibzon - SNMP Protocol and Nagios Plugins
Nagios Conference 2013 - William Leibzon - SNMP Protocol and Nagios PluginsNagios Conference 2013 - William Leibzon - SNMP Protocol and Nagios Plugins
Nagios Conference 2013 - William Leibzon - SNMP Protocol and Nagios Plugins
 
Seven wonders of the world
Seven wonders of the world Seven wonders of the world
Seven wonders of the world
 
Introduction to Firebase [Google I/O Extended Bangkok 2016]
Introduction to Firebase [Google I/O Extended Bangkok 2016]Introduction to Firebase [Google I/O Extended Bangkok 2016]
Introduction to Firebase [Google I/O Extended Bangkok 2016]
 
3D Password PPT
3D Password PPT3D Password PPT
3D Password PPT
 
Indian culture
Indian cultureIndian culture
Indian culture
 
3d password ppt
3d password ppt3d password ppt
3d password ppt
 
Best topics for seminar
Best topics for seminarBest topics for seminar
Best topics for seminar
 

Similar to Ipspoofing

Oss web application and network security
Oss web application and network securityOss web application and network security
Oss web application and network security
Rishabh Mehan
 
Internet Security
Internet SecurityInternet Security
Internet Security
Peter R. Egli
 
Efficient packet marking for large scale ip trace back(synopsis)
Efficient packet marking for large scale ip trace back(synopsis)Efficient packet marking for large scale ip trace back(synopsis)
Efficient packet marking for large scale ip trace back(synopsis)
Mumbai Academisc
 

Similar to Ipspoofing (20)

Sudheer tech seminor
Sudheer tech seminorSudheer tech seminor
Sudheer tech seminor
 
Hacking Cisco
Hacking CiscoHacking Cisco
Hacking Cisco
 
12 types of DDoS attacks
12 types of DDoS attacks12 types of DDoS attacks
12 types of DDoS attacks
 
Lecture 7 Attacker and there tools.pptx
Lecture 7 Attacker and there tools.pptxLecture 7 Attacker and there tools.pptx
Lecture 7 Attacker and there tools.pptx
 
Ip spoofing & types of attachs using it
Ip spoofing & types of attachs using itIp spoofing & types of attachs using it
Ip spoofing & types of attachs using it
 
BADCamp 2017 - Anatomy of DDoS
BADCamp 2017 - Anatomy of DDoSBADCamp 2017 - Anatomy of DDoS
BADCamp 2017 - Anatomy of DDoS
 
Module 10 (session hijacking)
Module 10 (session hijacking)Module 10 (session hijacking)
Module 10 (session hijacking)
 
spoofing.ppt
spoofing.pptspoofing.ppt
spoofing.ppt
 
DDoS ATTACKS
DDoS ATTACKSDDoS ATTACKS
DDoS ATTACKS
 
Oss web application and network security
Oss web application and network securityOss web application and network security
Oss web application and network security
 
DDoS-bdNOG
DDoS-bdNOGDDoS-bdNOG
DDoS-bdNOG
 
Ceh v5 module 10 session hijacking
Ceh v5 module 10 session hijackingCeh v5 module 10 session hijacking
Ceh v5 module 10 session hijacking
 
Isys20261 lecture 07
Isys20261 lecture 07Isys20261 lecture 07
Isys20261 lecture 07
 
Internet Security
Internet SecurityInternet Security
Internet Security
 
Network Attacks and Countermeasures
Network Attacks and CountermeasuresNetwork Attacks and Countermeasures
Network Attacks and Countermeasures
 
IP spoofing .pptx
IP spoofing .pptxIP spoofing .pptx
IP spoofing .pptx
 
Network security
Network securityNetwork security
Network security
 
Network Security
Network SecurityNetwork Security
Network Security
 
Efficient packet marking for large scale ip trace back(synopsis)
Efficient packet marking for large scale ip trace back(synopsis)Efficient packet marking for large scale ip trace back(synopsis)
Efficient packet marking for large scale ip trace back(synopsis)
 
Dos.pptx
Dos.pptxDos.pptx
Dos.pptx
 

More from Akhil Kumar

Edp section of solids
Edp section of solidsEdp section of solids
Edp section of solids
Akhil Kumar
 
Edp projection of solids
Edp projection of solidsEdp projection of solids
Edp projection of solids
Akhil Kumar
 
Edp projection of planes
Edp projection of planesEdp projection of planes
Edp projection of planes
Akhil Kumar
 
Edp projection of lines
Edp projection of linesEdp projection of lines
Edp projection of lines
Akhil Kumar
 
Edp ortographic projection
Edp ortographic projectionEdp ortographic projection
Edp ortographic projection
Akhil Kumar
 
Edp intersection
Edp intersectionEdp intersection
Edp intersection
Akhil Kumar
 
Edp ellipse by gen method
Edp ellipse by gen methodEdp ellipse by gen method
Edp ellipse by gen method
Akhil Kumar
 
Edp development of surfaces of solids
Edp development of surfaces of solidsEdp development of surfaces of solids
Edp development of surfaces of solids
Akhil Kumar
 
Edp typical problem
Edp typical problemEdp typical problem
Edp typical problem
Akhil Kumar
 
Edp st line(new)
Edp st line(new)Edp st line(new)
Edp st line(new)
Akhil Kumar
 
graphical password authentication
graphical password authenticationgraphical password authentication
graphical password authentication
Akhil Kumar
 

More from Akhil Kumar (20)

Edp section of solids
Edp section of solidsEdp section of solids
Edp section of solids
 
Edp scales
Edp scalesEdp scales
Edp scales
 
Edp projection of solids
Edp projection of solidsEdp projection of solids
Edp projection of solids
 
Edp projection of planes
Edp projection of planesEdp projection of planes
Edp projection of planes
 
Edp projection of lines
Edp projection of linesEdp projection of lines
Edp projection of lines
 
Edp ortographic projection
Edp ortographic projectionEdp ortographic projection
Edp ortographic projection
 
Edp isometric
Edp isometricEdp isometric
Edp isometric
 
Edp intersection
Edp intersectionEdp intersection
Edp intersection
 
Edp excerciseeg
Edp excerciseegEdp excerciseeg
Edp excerciseeg
 
Edp ellipse by gen method
Edp ellipse by gen methodEdp ellipse by gen method
Edp ellipse by gen method
 
Edp development of surfaces of solids
Edp development of surfaces of solidsEdp development of surfaces of solids
Edp development of surfaces of solids
 
Edp curves2
Edp curves2Edp curves2
Edp curves2
 
Edp curve1
Edp curve1Edp curve1
Edp curve1
 
Edp typical problem
Edp typical problemEdp typical problem
Edp typical problem
 
Edp st line(new)
Edp st line(new)Edp st line(new)
Edp st line(new)
 
graphical password authentication
graphical password authenticationgraphical password authentication
graphical password authentication
 
yii framework
yii frameworkyii framework
yii framework
 
cloud computing
cloud computingcloud computing
cloud computing
 
WORDPRESS
WORDPRESSWORDPRESS
WORDPRESS
 
AJAX
AJAXAJAX
AJAX
 

Recently uploaded

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
Safe Software
 
Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024
Hiroshi SHIBATA
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
Stephen Perrenod
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
FIDO Alliance
 

Recently uploaded (20)

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentation
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
 
The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform Engineering
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
Collecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside
Collecting & Temporal Analysis of Behavioral Web Data - Tales From The InsideCollecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside
Collecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside
 
Vector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxVector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptx
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 

Ipspoofing

  • 1. IP SPOOFING By Ch. Rakesh Sharma
  • 2.
  • 3.
  • 4. TCP/IP in 3 minutes or less Application Transport Interweb Network Access Physical TCP IP
  • 5.
  • 6.
  • 7. IP Spoofing Sometimes on the internet, a girl named Alice is really a man named Yves
  • 8.
  • 9.
  • 10.
  • 11. IP Spoofing – The Reset Victim - Bob Sucker - Alice Attacker - Eve 1. SYN – Let’s have a conversation 2. SYN ACK – Sure, what do you want to talk about? 3. RESET – Umm.. I have no idea why you are talking to me 4. No connection – Guess I need to take Bob out of the picture…
  • 12.
  • 13.
  • 14. Mitnick Attack 1. Mitnick Flood’s server’s login port so it can no longer respond 2. Mitnick Probes the Workstation to determine the behaviour of its TCP sequence number generator 3. Mitnick discovers that the TCP sequence number is incremented by 128000 each new connection 4. Mitnick forges a SYN from the server to the terminal 5. Terminals responds with an ACK, which is ignored by the flooded port (and not visible to Mitnick) Server Workstation Kevin Mitnick 6. Mitnick fakes the ACK using the proper TCP sequence number 7. Mitnick has now established a one way communications channel
  • 15.
  • 16. Session Hijack Alice Bob Eve I’m Bob! I’m Alice! 1. Eve assumes a man-in-the-middle position through some mechanism. For example, Eve could use Arp Poisoning, social engineering, router hacking etc... 2. Eve can monitor traffic between Alice and Bob without altering the packets or sequence numbers. 3. At any point, Eve can assume the identity of either Bob or Alice through the Spoofed IP address. This breaks the pseudo connection as Eve will start modifying the sequence numbers
  • 17.
  • 18. DoS Attack Server Attacker Legitimate Users Interweb Fake IPs Service Requests Flood of Requests from Attacker Server queue full, legitimate requests get dropped Service Requests
  • 19.
  • 20. DDoS Attack Server (already DoS’d) Attacker Target Servers Interweb 1. Attacker makes large number of SYN connection requests to target servers on behalf of a DoS’d server 2. Servers send SYN ACK to spoofed server, which cannot respond as it is already DoS’d. Queue’s quickly fill, as each connection request will have to go through a process of sending several SYN ACKs before it times out SYN SYN SYN SYN SYN ACK SYN ACK SYN ACK SYN ACK Queue Full
  • 21.
  • 22.
  • 23.
  • 24.  
  • 25.