IP Spoofing


Published on

IP spoofing ppt

Published in: Technology

IP Spoofing

  2. 2. Precap…  What is spoofing  Types of spoofing  Ip spoofing  Ip spoofing attacks  Prevention of Ip spoofing  Ip spoofing applications  Reference
  3. 3. Spoofing  It is a situation in which one person or program successfully masquerades as another by falsifying information/data and thereby gaining an illegitimate advantage.
  4. 4. Types of spoofing  IP spoofing: Attacker uses IP address of another computer to acquire information or gain access from another network.  Email spoofing: Attacker sends email but makes it appear to come from someone else(reliable email).  Web spoofing: Attacker tricks web browser into communicating with a different web server than the user intended.
  5. 5. IP Spoofing A technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host trusted host B Intruder A C
  6. 6. IP Datagram • The job of IP is to route and send a packet to the packet's destination. • IP provides no guarantee , for the packets it tries to deliver. • IP is the internet layer protocol. Options and Padding Destination Address Total Length Fragment Offset Header ChecksumTime to Live Protocol Identification Type of Service Flags Version IHL Source Address 0 16 31
  7. 7. TCP Header 0 16 31 Source Port Destination Port Sequence Number Acknowledgement Number Window Urgent Pointer Options and Padding Checksum FlagsReservedData Offset TCP provides reliable and guaranteed delivery of packets.
  8. 8. IP Spoofing Mechanism Attacker selects a host (target/victim) Identify host that has trust relation with target Trusted host is impersonated(tcp seq. no. copied) Attacker successfully connects to the server Attacker executes commands & Controls system
  9. 9. Types of IP spoofing Attacks  Blind Spoofing Attack  Non-Blind Spoofing Attack  Man In The Middle Attack  Denial of Service (DOS) Attack
  10. 10. Usually the attacker does not have access to the reply. e.g. Host C sends an IP datagram with the address of some other host (Host A) as the source address to Host B. Attacked host (B) replies to the legitimate host (A) 1. Blind Spoofing
  11. 11. 2. Non-Blind Spoofing Takes place when the attacker is on the same subnet as the victim. This allows the attacker to sniff packets making the next sequence number available to him.
  12. 12. In these attacks, a malicious party intercepts a legitimate communication between two friendly parties. The malicious host then controls the flow of communication and can eliminate or alter the information sent by one of the original participants without the knowledge of either the original sender or the recipient. If an attacker controls a gateway that is in the delivery route, he can • intercept / block / delay traffic • sniff the traffic • modify traffic 3. Man In The MiddleAttack
  13. 13. 4.Denial of Service Attack •IP spoofing is always used in DOS attacks. •Attackers are concerned with consuming bandwidth and resources by flooding the target with as many packets as possible in a short amount of time.
  14. 14. DoS Attack Server Attacker Legitimate Users Interweb Fake IPs Service Requests Flood of Requests from Attacker Server queue full, legitimate requests get dropped Service Requests IP Spoofing Mechanism
  15. 15. Preventing IP spoofing attacks Filtering at the Router border: • Main idea is to check the Source IP address and validate it. • Look for invalid source IP addresses, and discard it. Use cryptographic network protocols: Transport Layer Security (TLS), Secure Shell (SSH), HTTP Secure (HTTPS) Disable Commands : Prevent from attacks by not using address-based authentication. Disable all the r* commands. Empty out the /etc/hosts.equiv file.
  16. 16. Network Address Translation(NAT) • Nat are used to alter the packet (address) as it passes over the network. • It keeps tracks of the mangled/altered data as it retranslates it when the reply packets are routed back
  17. 17. CONCLUSION  IP Spoofing is an old Hacker trick that continues to evolve.  Will continue to represent a threat as long as each layer continues to trust each other.
  18. 18. Any Questions ?