This is a precise and well-designed presentation on the topic "IP SPOOFING". It can be useful for any computer science student seeking a good topic for a paper presentation.
2. AGENDA…
1. What is IP Spoofing???
2. Why is IP Spoofing so easy?
3. Kinds of IP Spoofing.
4. A brief idea regarding TCP header.
5. Mechanism of IP Spoofing.
6. Prevention of IP Spoofing.
4. WHAT IS IP SPOOFING???
The attacker uses an unauthorised Internet Protocol address (IP address), making itself appear as a trusted machine.
Prime weakness of IP address based networks.
Attacker does not care about receiving packets (Denial of Service) or it has some way of guessing the response.
Attacker may use an internal IP address or an authorised IP address from an external network.
5. WHY IS IP SPOOFING POSSIBLE??
None of the fields in an IP header are encrypted.
Easy to set an arbitrary destination address.
The destination has no way to ascertain that the datagram has actually originated from an IP address other than the one in the source address field.
Routers look at destination addresses only.
6. KINDS OF IP SPOOFING..
Nonblind Spoofing: used when the attacker is on the same subnet as the victim.
Attacker sniffs the packets and makes the sequence and acknowledgement numbers available.
7. CONTINUED..
Blind Spoofing: Several packets are sent to the target machine in order to sample sequence numbers.
Host C sends an IP datagram with the address of some other host (host A) as the source address to host B. Attacked host (B) replies to the legitimate host (A).
8. TCP HEADER…
A connection-oriented transport layer protocol.
Two important features that we need are the sequence no. and the acknowledgement no.
9. CONTINUED…
Each party numbers the bytes sent with a different starting byte no.
When data are sent in segments, a sequence no. is assigned to each segment, which is the no. of the first byte in the segment.
An acknowledgement no. is used to confirm the bytes a host has received. The ack is the no. of the next byte expected by the host.
SYN: a synchronise sequence no. flag.
ACK: an acknowledgement flag.
10. MECHANISM OF IP SPOOFING
A trusted host IP address of the same subnet or an external network is gained.
12. HOW TO FIND TARGET TCP SEQUENCE NO.???
Acquiring the TCP sequence number of the target system using some other TCP port connection to the target just prior to launching the attack.
The target RTT (round trip time) is calculated, necessary to find the next sequence number.
Now the attack begins…
13. ATTACK MECHANISM...
3 cases may arise:
1. Guessed sequence no. = sequence no. on the target TCP
2. Guessed sequence no. < sequence no. on the target TCP
3. Guessed sequence no. > sequence no. on the target TCP
14. CONTINUED..
1. Z(b) --SYN--> A
2. B <--SYN/ACK-- A
3. Z(b) --ACK--> A
4. Z(b) --PSH--> A
After the compromise, the attacker will insert a backdoor into the system that will allow a simple way of intrusion. (A command like ‘cat + + >> ~/.rhosts’ can be used.)
15. PREVENTION OF IP SPOOFING
PACKET FILTERING: Packets entering and leaving the network should be filtered.
Egress filtering checks the packets leaving the network, ensuring malicious packets don’t leave the network.
Ingress filtering checks that incoming packets are from the network they claim to be from. (for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 2 > "$f"; done)
17. FILTERING AT THE ROUTER: If a site has direct access to the internet, routers can be used.
If only hosts on the internal network can participate in trust relationships, simply filter out all outside traffic that purports to come from inside.
An access control list should be maintained to block private IP addresses on the downstream interface.
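The filtering rules from slides 15 and 17, written out as an added example that is not part of the original presentation: it reads the source address field of an IPv4 header and applies the ingress and egress checks a border router would. The site prefix 192.0.2.0/24, the interface labels and all function names are assumptions for illustration, and the packets are constructed sample input.

```python
import ipaddress
import struct

# Assumed site prefix for this example (documentation range, RFC 5737).
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
# RFC 1918 private ranges plus loopback: never valid as a source from the internet.
BOGON_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def build_ipv4_header(src, dst):
    """Build a minimal 20-byte IPv4 header (constructed sample input, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)


def source_address(header):
    """Read the source address field (bytes 12-15) of an IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return ipaddress.ip_address(header[12:16])


def filter_packet(header, arrived_on):
    """Return 'accept' or 'drop: <reason>' for a packet seen on one router interface.

    arrived_on is 'external' (from the internet) or 'internal' (from the site LAN).
    """
    src = source_address(header)
    if arrived_on == "external":
        # Ingress: outside traffic must not claim an inside or private source.
        if src in INTERNAL_NET:
            return "drop: external packet claims internal source"
        if any(src in net for net in BOGON_NETS):
            return "drop: private or loopback source from outside"
        return "accept"
    if arrived_on == "internal":
        # Egress: only our own prefix may leave the site.
        if src not in INTERNAL_NET:
            return "drop: internal packet with foreign source"
        return "accept"
    raise ValueError("unknown interface: %r" % arrived_on)
```

The filter can only judge the source field against the interface the packet arrived on, which is why it belongs at the network edge where that mapping is known.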
18. ENCRYPTION AND AUTHENTICATION…
All host-based authentication measures should be eliminated.
Implement cryptographic authentication system-wide.
If trusted hosts from an external network are allowed, enable an encryption session at the router.
19. CONCLUSION
IP Spoofing is a difficult problem to tackle, because it is related to the IP packet structure.
Although there is no easy solution for the IP spoofing problem, we can apply some simple proactive and reactive methods at the nodes, and use the routers in the network to help detect a spoofed packet and trace it back to its originating source.