SlideShare a Scribd company logo

ip_spoofing.pdf

L
LukePham1

1) The document describes using hping3 to spoof IP addresses and send ping requests to trick a target system. It shows how to capture packets using tcpdump and send spoofed packets using hping3. 2) When packets are sent while spoofing the source IP address, the target system responds to the spoofed IP instead of the actual source. This fails because the spoofed IP is not on the local network. 3) The document then demonstrates a ping flood attack by spoofing packets to appear to come from another system on the network, making that system unresponsive to ping requests.

Technology
1 of 4
Download to read offline
Collaborative Virtual Computer Lab (CVCLAB) Penn State Berks 1 of 4 IP Spoofing with hping3 In this activity, we will send ping requests to a target system, but then we will trick the target system to reply to another system by spoofing our IP address. We will use the default gateway as the target system. Check the default gateway IP address of your Backtrack machine by typing “route -n” as shown below. The route command displays the routing table of the system. This system’s default gateway IP is 192.168.4.1, and IP 0.0.0.0 indicates that all IP packets outside the local network (in this case, network 192.168.4.0) will be forwarded to IP 192.168.4.1. Record your default gateway IP as we will use it in the following steps as the target system IP (replace <target IP> with your default gateway in the following steps). Next, check the IP address of your Backtrack machine by typing "ifconfig" in the command- line and record it (replace <local IP> with your IP in the following steps). Record your information: <target IP>=____________ <local IP>= ____________ In the following steps, the examples are demonstrated for: <target IP>=192.168.4.1 <local IP>= 192.168.4.47 <spoofed IP>= 192.168.4.254 and 192.168.4.30 You should use your IP addresses when testing the steps.
Collaborative Virtual Computer Lab (CVCLAB) Penn State Berks 2 of 4 A. IP Spoofing with hping3 hping 3 is very powerful tool to test firewalls and routers. 1 Let us open two terminal windows in Backtrack. In one terminal window, we will capture packets to/from the <target IP> using tcpdump, and in the other window we will use hping3. 2 In the command-line of the first terminal window, type tcpdump host <target IP> -nnS to capture packets to/from the target system. We should use the -nn flag not to resolve hostnames and port number, which provides faster captures, and the -S flag to print obsolete sequence numbers. 3 Now, let us send three packets to target with the SYN flag on, by typing the following command in the second terminal window. hping3 -S <target IP> -c 3 The -c flag stands for the number packets to send and the -S flag sets SYN tcp flag on. We should expect to see the output for the hping3 command as shown in the following picture. We sent three packets to and received three packets from the target system. The output of the tcpdump is also given below (use Crtl+Z to stop capturing packets). We sent TCP packets with SYN flag (192.168.4.47.2825 > 192.168.4.1.0: Flags [S]) and the target responds back with the RST flag (192.168.4.1.0 > 192.168.4.47.2825:
Collaborative Virtual Computer Lab (CVCLAB) Penn State Berks 3 of 4 Flags [R.]), which means an abnormal session disconnection. In the output, the numbers following the IP addresses are port numbers. Now let us repeat the same experiment while spoofing the IP address of our computer. 3 If you stopped the tcpdump, start it again in the first terminal window by typing the following command (or use Up-Arrow ↑ to repeat the command) tcpdump host <target IP> -nnS 4 This time we will use the -a flag to spoof our IP address. In the second window, type the following command by replacing <spoofed IP> with your spoof IP from your network. hping3 -S <target IP> -a <spoofed IP> -c 3 This time, we sent three packets, but received no response of them back (100% packet loss!) as shown in the picture below. Note that the spoofed IP is 192.168.4.254 in this example. What happened the packets transmitted? To answer this question, we need to look at the tcpdump output as shown below. The first observation is -the target system assumes that packets are coming from 192.168.2.254. (192.168.4.254.2453 > 192.168.4.1.0: Flags [S]). Therefore, the target system responds back to 192.168.2.254, and it sends ARP requests to find the MAC address of this host (the poor target). Unfortunately, the spoofed IP is not in the network and no host reply to the ARP request (you may want to review Data Link Layer if you don't know the meaning of MAC address and ARP request)
Collaborative Virtual Computer Lab (CVCLAB) Penn State Berks 4 of 4 Now let us use IP spoofing with a ping flood to make a host unresponsive or very slow. We need to spoof the IP address of a machine currently running. For example, you can use your Windows 7 computer's IP as the <spoofed IP>. 1 Start your Windows 7 computer and figure out its ip address by typing ipconfig in the command prompt. We will use this IP as the <spoofed IP>. 2 This time we need three terminal windows in your Backtrack computer, one for tcpdump, one for hping3, and one for pinging the spoofed IP. Open a new terminal window and ping the spoofed IP three times to make sure that you can get a reply back as follows: ping <spoofed IP> -c 3 3 If you stopped the tcpdump, start it again in the first terminal window by typing the following command (or use Up-Arrow ↑ to repeat the command) tcpdump host <target IP> -nnS 4 This time we will send ping requests to the target IP, but we will spoof to the source address as follows. hping3 -1 --flood <target IP> -a <spoofed IP> The -1 option is to send icmp request (or ping request), the --flood option send many of packets in short time. 5 Quickly ping the spoofed IP again as follows. Can you get a reply back? How long does it take get a reply back? ping <spoofed IP> -c 3 6 Now check your tcpdump terminal window. What do you see? 7 Stop hping3 Crtl+C. Lab Report Questions: ● Explain why the spoofed IP does not reply back or reply back very slowly to ping requests in the last exercise? ● Include your screenshot of the hping3 command to flood the target IP with icmp requests and to make your Windows 7 machine very slow. ● Perform a web research and briefly discuss how to detect ip spoofing?

Recommended

Information gathering using windows command line utility
Information gathering using windows command line utilityInformation gathering using windows command line utility
Information gathering using windows command line utility
Vishal Kumar
 
Networking session-4-final by aravind.R
Networking session-4-final by aravind.RNetworking session-4-final by aravind.R
Networking session-4-final by aravind.R
Navaneethan Naveen
 
Network configuration
Network configurationNetwork configuration
Network configuration
engshemachi
 
Linux networking commands
Linux networking commandsLinux networking commands
Linux networking commands
Sayed Ahmed
 
Bypass pfsense
Bypass pfsenseBypass pfsense
Bypass pfsense
SalmenHAJJI1
 
ops300 Week8 gre
ops300 Week8 greops300 Week8 gre
ops300 Week8 gre
trayyoo
 
Networking lab
Networking labNetworking lab
Networking lab
Ragu Ram
 
Socket programming
Socket programming Socket programming
Socket programming
Rajivarnan (Rajiv)
 

Recommended

Information gathering using windows command line utility
Information gathering using windows command line utilityInformation gathering using windows command line utility
Information gathering using windows command line utility
Vishal Kumar
 
Networking session-4-final by aravind.R
Networking session-4-final by aravind.RNetworking session-4-final by aravind.R
Networking session-4-final by aravind.R
Navaneethan Naveen
 
Network configuration
Network configurationNetwork configuration
Network configuration
engshemachi
 
Linux networking commands
Linux networking commandsLinux networking commands
Linux networking commands
Sayed Ahmed
 
Bypass pfsense
Bypass pfsenseBypass pfsense
Bypass pfsense
SalmenHAJJI1
 
ops300 Week8 gre
ops300 Week8 greops300 Week8 gre
ops300 Week8 gre
trayyoo
 
Networking lab
Networking labNetworking lab
Networking lab
Ragu Ram
 
Socket programming
Socket programming Socket programming
Socket programming
Rajivarnan (Rajiv)
 
Socket programming in C
Socket programming in CSocket programming in C
Socket programming in C
Deepak Swain
 
Linux network configuration
Linux network configurationLinux network configuration
Linux network configuration
Mario Tabuada Mussio
 
MPI_Mprobe is good for you
MPI_Mprobe is good for youMPI_Mprobe is good for you
MPI_Mprobe is good for you
Jeff Squyres
 
Computer network (17)
Computer network (17)Computer network (17)
Computer network (17)
NYversity
 
Chap 05 ip addresses classfless
Chap 05 ip addresses classflessChap 05 ip addresses classfless
Chap 05 ip addresses classfless
Noctorous Jamal
 
Socket programming in c
Socket programming in cSocket programming in c
Socket programming in c
Md. Golam Hossain
 
Day2
Day2Day2
Day2
Jai4uk
 
7.2.1.8 lab using wireshark to observe the tcp 3-way handshake
7.2.1.8 lab using wireshark to observe the tcp 3-way handshake7.2.1.8 lab using wireshark to observe the tcp 3-way handshake
7.2.1.8 lab using wireshark to observe the tcp 3-way handshake
gabriel morillo
 
Configuration IPTables On CentOS 8
Configuration IPTables On CentOS 8Configuration IPTables On CentOS 8
Configuration IPTables On CentOS 8
Kaan Aslandağ
 
Subnetting (FLSM & VLSM) with examples
Subnetting (FLSM & VLSM) with examplesSubnetting (FLSM & VLSM) with examples
Subnetting (FLSM & VLSM) with examples
Krishna Mohan
 
Password Cracking with Rainbow Tables
Password Cracking with Rainbow TablesPassword Cracking with Rainbow Tables
Password Cracking with Rainbow Tables
Korhan Bircan
 
Partyhack 3.0 - Telegram bugbounty writeup
Partyhack 3.0 - Telegram bugbounty writeupPartyhack 3.0 - Telegram bugbounty writeup
Partyhack 3.0 - Telegram bugbounty writeup
Дмитрий Бумов
 
Linux Networking Commands
Linux Networking CommandsLinux Networking Commands
Linux Networking Commands
tmavroidis
 
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David ShawBeginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw
Redspin, Inc.
 
Firewalld LAB
Firewalld LABFirewalld LAB
Firewalld LAB
Kaan Aslandağ
 
5.Dns Rpc Nfs 2
5.Dns Rpc Nfs 25.Dns Rpc Nfs 2
5.Dns Rpc Nfs 2
phanleson
 
5.Dns Rpc Nfs
5.Dns Rpc Nfs5.Dns Rpc Nfs
5.Dns Rpc Nfs
phanleson
 
Chap 20 smtp, pop, imap
Chap 20 smtp, pop, imapChap 20 smtp, pop, imap
Chap 20 smtp, pop, imap
Noctorous Jamal
 
Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Ravi Rajput
 
Please help with the below 3 questions, the python script is at the.pdf
Please help with the below 3 questions, the python script is at the.pdfPlease help with the below 3 questions, the python script is at the.pdf
Please help with the below 3 questions, the python script is at the.pdf
support58
 
Tcp Ip Overview
Tcp Ip OverviewTcp Ip Overview
Tcp Ip Overview
Amir Malik
 
13_TCP_Attack.pptx
13_TCP_Attack.pptx13_TCP_Attack.pptx
13_TCP_Attack.pptx
AlmaOraevi
 

More Related Content

What's hot

Socket programming in C
Socket programming in CSocket programming in C
Socket programming in C
Deepak Swain
 
Linux network configuration
Linux network configurationLinux network configuration
Linux network configuration
Mario Tabuada Mussio
 
MPI_Mprobe is good for you
MPI_Mprobe is good for youMPI_Mprobe is good for you
MPI_Mprobe is good for you
Jeff Squyres
 
Computer network (17)
Computer network (17)Computer network (17)
Computer network (17)
NYversity
 
Chap 05 ip addresses classfless
Chap 05 ip addresses classflessChap 05 ip addresses classfless
Chap 05 ip addresses classfless
Noctorous Jamal
 
Socket programming in c
Socket programming in cSocket programming in c
Socket programming in c
Md. Golam Hossain
 
Day2
Day2Day2
Day2
Jai4uk
 
7.2.1.8 lab using wireshark to observe the tcp 3-way handshake
7.2.1.8 lab using wireshark to observe the tcp 3-way handshake7.2.1.8 lab using wireshark to observe the tcp 3-way handshake
7.2.1.8 lab using wireshark to observe the tcp 3-way handshake
gabriel morillo
 
Configuration IPTables On CentOS 8
Configuration IPTables On CentOS 8Configuration IPTables On CentOS 8
Configuration IPTables On CentOS 8
Kaan Aslandağ
 
Subnetting (FLSM & VLSM) with examples
Subnetting (FLSM & VLSM) with examplesSubnetting (FLSM & VLSM) with examples
Subnetting (FLSM & VLSM) with examples
Krishna Mohan
 
Password Cracking with Rainbow Tables
Password Cracking with Rainbow TablesPassword Cracking with Rainbow Tables
Password Cracking with Rainbow Tables
Korhan Bircan
 
Partyhack 3.0 - Telegram bugbounty writeup
Partyhack 3.0 - Telegram bugbounty writeupPartyhack 3.0 - Telegram bugbounty writeup
Partyhack 3.0 - Telegram bugbounty writeup
Дмитрий Бумов
 
Linux Networking Commands
Linux Networking CommandsLinux Networking Commands
Linux Networking Commands
tmavroidis
 
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David ShawBeginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw
Redspin, Inc.
 
Firewalld LAB
Firewalld LABFirewalld LAB
Firewalld LAB
Kaan Aslandağ
 
5.Dns Rpc Nfs 2
5.Dns Rpc Nfs 25.Dns Rpc Nfs 2
5.Dns Rpc Nfs 2
phanleson
 
5.Dns Rpc Nfs
5.Dns Rpc Nfs5.Dns Rpc Nfs
5.Dns Rpc Nfs
phanleson
 
Chap 20 smtp, pop, imap
Chap 20 smtp, pop, imapChap 20 smtp, pop, imap
Chap 20 smtp, pop, imap
Noctorous Jamal
 
Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Ravi Rajput
 

What's hot (19)

Socket programming in C
Socket programming in CSocket programming in C
Socket programming in C
 
Linux network configuration
Linux network configurationLinux network configuration
Linux network configuration
 
MPI_Mprobe is good for you
MPI_Mprobe is good for youMPI_Mprobe is good for you
MPI_Mprobe is good for you
 
Computer network (17)
Computer network (17)Computer network (17)
Computer network (17)
 
Chap 05 ip addresses classfless
Chap 05 ip addresses classflessChap 05 ip addresses classfless
Chap 05 ip addresses classfless
 
Socket programming in c
Socket programming in cSocket programming in c
Socket programming in c
 
Day2
Day2Day2
Day2
 
7.2.1.8 lab using wireshark to observe the tcp 3-way handshake
7.2.1.8 lab using wireshark to observe the tcp 3-way handshake7.2.1.8 lab using wireshark to observe the tcp 3-way handshake
7.2.1.8 lab using wireshark to observe the tcp 3-way handshake
 
Configuration IPTables On CentOS 8
Configuration IPTables On CentOS 8Configuration IPTables On CentOS 8
Configuration IPTables On CentOS 8
 
Subnetting (FLSM & VLSM) with examples
Subnetting (FLSM & VLSM) with examplesSubnetting (FLSM & VLSM) with examples
Subnetting (FLSM & VLSM) with examples
 
Password Cracking with Rainbow Tables
Password Cracking with Rainbow TablesPassword Cracking with Rainbow Tables
Password Cracking with Rainbow Tables
 
Partyhack 3.0 - Telegram bugbounty writeup
Partyhack 3.0 - Telegram bugbounty writeupPartyhack 3.0 - Telegram bugbounty writeup
Partyhack 3.0 - Telegram bugbounty writeup
 
Linux Networking Commands
Linux Networking CommandsLinux Networking Commands
Linux Networking Commands
 
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David ShawBeginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw
Beginner's Guide to the nmap Scripting Engine - Redspin Engineer, David Shaw
 
Firewalld LAB
Firewalld LABFirewalld LAB
Firewalld LAB
 
5.Dns Rpc Nfs 2
5.Dns Rpc Nfs 25.Dns Rpc Nfs 2
5.Dns Rpc Nfs 2
 
5.Dns Rpc Nfs
5.Dns Rpc Nfs5.Dns Rpc Nfs
5.Dns Rpc Nfs
 
Chap 20 smtp, pop, imap
Chap 20 smtp, pop, imapChap 20 smtp, pop, imap
Chap 20 smtp, pop, imap
 
Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet Nmap not only a port scanner by ravi rajput comexpo security awareness meet
Nmap not only a port scanner by ravi rajput comexpo security awareness meet
 

Similar to ip_spoofing.pdf

Please help with the below 3 questions, the python script is at the.pdf
Please help with the below 3 questions, the python script is at the.pdfPlease help with the below 3 questions, the python script is at the.pdf
Please help with the below 3 questions, the python script is at the.pdf
support58
 
Tcp Ip Overview
Tcp Ip OverviewTcp Ip Overview
Tcp Ip Overview
Amir Malik
 
13_TCP_Attack.pptx
13_TCP_Attack.pptx13_TCP_Attack.pptx
13_TCP_Attack.pptx
AlmaOraevi
 
What are the specific ICMP errors that are generated during a tracero.docx
What are the specific ICMP errors that are generated during a tracero.docx What are the specific ICMP errors that are generated during a tracero.docx
What are the specific ICMP errors that are generated during a tracero.docx
ajoy21
 
Wireshark Lab IP v6.0Supplement to Computer Networking A Top-D.docx
Wireshark Lab IP v6.0Supplement to Computer Networking A Top-D.docxWireshark Lab IP v6.0Supplement to Computer Networking A Top-D.docx
Wireshark Lab IP v6.0Supplement to Computer Networking A Top-D.docx
alanfhall8953
 
Itep
ItepItep
Itep
Sofia Palawan
 
6005679.ppt
6005679.ppt6005679.ppt
6005679.ppt
AlmaOraevi
 
Saad baig practical file
Saad baig practical fileSaad baig practical file
Saad baig practical file
SaadBaig33
 
Osi model
Osi modelOsi model
Osi model
Anuj Kumar
 
Pt using packettracer
Pt using packettracerPt using packettracer
Pt using packettracer
ssusera4b34f
 
Icmp
IcmpIcmp
Icmp
Abhishek Kesharwani
 
Icmp
IcmpIcmp
Icmp
Abhishek Kesharwani
 
Code Red Security
Code Red SecurityCode Red Security
Code Red Security
Amr Ali
 
Type of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleType of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 example
Himani Singh
 
Communication networks_ARP
Communication networks_ARPCommunication networks_ARP
Communication networks_ARP
GouravSalla
 
3.7.10 Lab Use Wireshark to View Network Traffic
3.7.10 Lab Use Wireshark to View Network Traffic3.7.10 Lab Use Wireshark to View Network Traffic
3.7.10 Lab Use Wireshark to View Network Traffic
Rio Ap
 
Attacks and their mitigations
Attacks and their mitigationsAttacks and their mitigations
Attacks and their mitigations
Mukesh Chaudhari
 
Figure 3 TCP Session Hijacking Attack victims to execute the mali.pdf
Figure 3 TCP Session Hijacking Attack victims to execute the mali.pdfFigure 3 TCP Session Hijacking Attack victims to execute the mali.pdf
Figure 3 TCP Session Hijacking Attack victims to execute the mali.pdf
orderfabfirki
 
I use the below scapy code to sniff and then spoof on the IP addresses.pdf
I use the below scapy code to sniff and then spoof on the IP addresses.pdfI use the below scapy code to sniff and then spoof on the IP addresses.pdf
I use the below scapy code to sniff and then spoof on the IP addresses.pdf
MattU5mLambertq
 
Wireshark ip sept_15_2009
Wireshark ip sept_15_2009Wireshark ip sept_15_2009
Wireshark ip sept_15_2009
wab030
 

Similar to ip_spoofing.pdf (20)

Please help with the below 3 questions, the python script is at the.pdf
Please help with the below 3 questions, the python script is at the.pdfPlease help with the below 3 questions, the python script is at the.pdf
Please help with the below 3 questions, the python script is at the.pdf
 
Tcp Ip Overview
Tcp Ip OverviewTcp Ip Overview
Tcp Ip Overview
 
13_TCP_Attack.pptx
13_TCP_Attack.pptx13_TCP_Attack.pptx
13_TCP_Attack.pptx
 
What are the specific ICMP errors that are generated during a tracero.docx
What are the specific ICMP errors that are generated during a tracero.docx What are the specific ICMP errors that are generated during a tracero.docx
What are the specific ICMP errors that are generated during a tracero.docx
 
Wireshark Lab IP v6.0Supplement to Computer Networking A Top-D.docx
Wireshark Lab IP v6.0Supplement to Computer Networking A Top-D.docxWireshark Lab IP v6.0Supplement to Computer Networking A Top-D.docx
Wireshark Lab IP v6.0Supplement to Computer Networking A Top-D.docx
 
Itep
ItepItep
Itep
 
6005679.ppt
6005679.ppt6005679.ppt
6005679.ppt
 
Saad baig practical file
Saad baig practical fileSaad baig practical file
Saad baig practical file
 
Osi model
Osi modelOsi model
Osi model
 
Pt using packettracer
Pt using packettracerPt using packettracer
Pt using packettracer
 
Icmp
IcmpIcmp
Icmp
 
Icmp
IcmpIcmp
Icmp
 
Code Red Security
Code Red SecurityCode Red Security
Code Red Security
 
Type of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleType of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 example
 
Communication networks_ARP
Communication networks_ARPCommunication networks_ARP
Communication networks_ARP
 
3.7.10 Lab Use Wireshark to View Network Traffic
3.7.10 Lab Use Wireshark to View Network Traffic3.7.10 Lab Use Wireshark to View Network Traffic
3.7.10 Lab Use Wireshark to View Network Traffic
 
Attacks and their mitigations
Attacks and their mitigationsAttacks and their mitigations
Attacks and their mitigations
 
Figure 3 TCP Session Hijacking Attack victims to execute the mali.pdf
Figure 3 TCP Session Hijacking Attack victims to execute the mali.pdfFigure 3 TCP Session Hijacking Attack victims to execute the mali.pdf
Figure 3 TCP Session Hijacking Attack victims to execute the mali.pdf
 
I use the below scapy code to sniff and then spoof on the IP addresses.pdf
I use the below scapy code to sniff and then spoof on the IP addresses.pdfI use the below scapy code to sniff and then spoof on the IP addresses.pdf
I use the below scapy code to sniff and then spoof on the IP addresses.pdf
 
Wireshark ip sept_15_2009
Wireshark ip sept_15_2009Wireshark ip sept_15_2009
Wireshark ip sept_15_2009
 

Recently uploaded

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
Pixlogix Infotech
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Zilliz
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 

Recently uploaded (20)

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 

ip_spoofing.pdf

  • 1. Collaborative Virtual Computer Lab (CVCLAB) Penn State Berks 1 of 4 IP Spoofing with hping3 In this activity, we will send ping requests to a target system, but then we will trick the target system to reply to another system by spoofing our IP address. We will use the default gateway as the target system. Check the default gateway IP address of your Backtrack machine by typing “route -n” as shown below. The route command displays the routing table of the system. This system’s default gateway IP is 192.168.4.1, and IP 0.0.0.0 indicates that all IP packets outside the local network (in this case, network 192.168.4.0) will be forwarded to IP 192.168.4.1. Record your default gateway IP as we will use it in the following steps as the target system IP (replace <target IP> with your default gateway in the following steps). Next, check the IP address of your Backtrack machine by typing "ifconfig" in the command- line and record it (replace <local IP> with your IP in the following steps). Record your information: <target IP>=____________ <local IP>= ____________ In the following steps, the examples are demonstrated for: <target IP>=192.168.4.1 <local IP>= 192.168.4.47 <spoofed IP>= 192.168.4.254 and 192.168.4.30 You should use your IP addresses when testing the steps.
  • 2. Collaborative Virtual Computer Lab (CVCLAB) Penn State Berks 2 of 4 A. IP Spoofing with hping3 hping 3 is very powerful tool to test firewalls and routers. 1 Let us open two terminal windows in Backtrack. In one terminal window, we will capture packets to/from the <target IP> using tcpdump, and in the other window we will use hping3. 2 In the command-line of the first terminal window, type tcpdump host <target IP> -nnS to capture packets to/from the target system. We should use the -nn flag not to resolve hostnames and port number, which provides faster captures, and the -S flag to print obsolete sequence numbers. 3 Now, let us send three packets to target with the SYN flag on, by typing the following command in the second terminal window. hping3 -S <target IP> -c 3 The -c flag stands for the number packets to send and the -S flag sets SYN tcp flag on. We should expect to see the output for the hping3 command as shown in the following picture. We sent three packets to and received three packets from the target system. The output of the tcpdump is also given below (use Crtl+Z to stop capturing packets). We sent TCP packets with SYN flag (192.168.4.47.2825 > 192.168.4.1.0: Flags [S]) and the target responds back with the RST flag (192.168.4.1.0 > 192.168.4.47.2825:
  • 3. Collaborative Virtual Computer Lab (CVCLAB) Penn State Berks 3 of 4 Flags [R.]), which means an abnormal session disconnection. In the output, the numbers following the IP addresses are port numbers. Now let us repeat the same experiment while spoofing the IP address of our computer. 3 If you stopped the tcpdump, start it again in the first terminal window by typing the following command (or use Up-Arrow ↑ to repeat the command) tcpdump host <target IP> -nnS 4 This time we will use the -a flag to spoof our IP address. In the second window, type the following command by replacing <spoofed IP> with your spoof IP from your network. hping3 -S <target IP> -a <spoofed IP> -c 3 This time, we sent three packets, but received no response of them back (100% packet loss!) as shown in the picture below. Note that the spoofed IP is 192.168.4.254 in this example. What happened the packets transmitted? To answer this question, we need to look at the tcpdump output as shown below. The first observation is -the target system assumes that packets are coming from 192.168.2.254. (192.168.4.254.2453 > 192.168.4.1.0: Flags [S]). Therefore, the target system responds back to 192.168.2.254, and it sends ARP requests to find the MAC address of this host (the poor target). Unfortunately, the spoofed IP is not in the network and no host reply to the ARP request (you may want to review Data Link Layer if you don't know the meaning of MAC address and ARP request)
  • 4. Collaborative Virtual Computer Lab (CVCLAB) Penn State Berks 4 of 4 Now let us use IP spoofing with a ping flood to make a host unresponsive or very slow. We need to spoof the IP address of a machine currently running. For example, you can use your Windows 7 computer's IP as the <spoofed IP>. 1 Start your Windows 7 computer and figure out its ip address by typing ipconfig in the command prompt. We will use this IP as the <spoofed IP>. 2 This time we need three terminal windows in your Backtrack computer, one for tcpdump, one for hping3, and one for pinging the spoofed IP. Open a new terminal window and ping the spoofed IP three times to make sure that you can get a reply back as follows: ping <spoofed IP> -c 3 3 If you stopped the tcpdump, start it again in the first terminal window by typing the following command (or use Up-Arrow ↑ to repeat the command) tcpdump host <target IP> -nnS 4 This time we will send ping requests to the target IP, but we will spoof to the source address as follows. hping3 -1 --flood <target IP> -a <spoofed IP> The -1 option is to send icmp request (or ping request), the --flood option send many of packets in short time. 5 Quickly ping the spoofed IP again as follows. Can you get a reply back? How long does it take get a reply back? ping <spoofed IP> -c 3 6 Now check your tcpdump terminal window. What do you see? 7 Stop hping3 Crtl+C. Lab Report Questions: ● Explain why the spoofed IP does not reply back or reply back very slowly to ping requests in the last exercise? ● Include your screenshot of the hping3 command to flood the target IP with icmp requests and to make your Windows 7 machine very slow. ● Perform a web research and briefly discuss how to detect ip spoofing?