Intrusion Detection and Hackers Exploits
IP Spoofing Attack
(ANAND KUMAR MISHRA)

IP spoofing
• IP spoofing is a technique used to gain unauthorized access to computers, whereby the attacker sends messages to a computer with a forged IP address indicating that the message is coming from a trusted host.
• The attacker puts an internal, or trusted, IP address as its source. The access control device sees the IP address as trusted and lets it through.

IP Spoofing
• IP spoofing occurs when a hacker inside or outside a network impersonates the conversations of a trusted computer.
• Two general techniques are used during IP spoofing:
  • A hacker uses an IP address that is within the range of trusted IP addresses.
  • A hacker uses an authorized external IP address that is trusted.
• Uses for IP spoofing include the following:
  • IP spoofing is usually limited to the injection of malicious data or commands into an existing stream of data.
  • A hacker changes the routing tables to point to the spoofed IP address, then the hacker can receive all the network packets that are addressed to the spoofed address and reply just as any trusted user can.

Basic Concept of IP Spoofing
[Figure: host A (10.10.10.1) sends a request to www.carleton.ca (134.117.1.60, http://www.carleton.ca).]
Packet from A:  Src_IP 10.10.10.1, dst_IP 134.117.1.60, Src_port Any (>1024), dst_port 80
Spoofed packet: Src_IP 11.11.11.1, dst_IP 134.117.1.60, Src_port Any (>1024), dst_port 80

IP Spoofing
Why is IP spoofing easy?
• Problem with the routers.
• Routers look at destination addresses only.
• Authentication is based on source addresses only.
• Changing the source address field in the IP header is easy.

Spoofing Attacks:
There are a few variations on the types of attacks that use IP spoofing.
Spoofing is classified into:
1. Non-blind spoofing
This attack takes place when the attacker is on the same subnet as the target and can see the sequence and acknowledgement numbers of packets.
• Using the spoofing to interfere with a connection that sends packets along your subnet.

Spoofing Attacks:
[Figure: impersonation. The sender sends an IP spoofed packet (dst: victim, src: partner) to the victim. Victim: "Oh, my partner sent me a packet. I'll process this."]

IP Spoofing
[Figure: trusted host A, host B and an intruder. Three-way handshake: SYN(A); ACK(A+1) SYN(B); ACK(B+1).]

Spoofing Attacks:
2. Blind spoofing
This attack may take place from outside, where sequence and acknowledgement numbers are unreachable. Attackers usually send several packets to the target machine in order to sample sequence numbers, which was doable in older days.
• Using the spoofing to interfere with a connection (or creating one) that does not send packets along your cable.

Spoofing Attacks:
[Figure: flooding attack. The sender sends IP spoofed packets (dst: victim, src: random) to the victim. Victim: "Oops, many packets are coming. But, who is the real source?"]

Spoofing Attacks:
3. Man in the Middle Attack
This is also called connection hijacking. In this attack, a malicious party intercepts a legitimate communication between two hosts to control the flow of communication and to eliminate or alter the information sent by one of the original participants without their knowledge.

Spoofing Attacks:
[Figure: reflection. The sender sends an IP spoofed packet (src: victim, dst: reflector) to the reflector; the reflector sends a reply packet (dst: victim, src: reflector) to the victim. Victim: "Oops, a lot of replies without any request…"]

Spoofing Attacks:
4. Denial of Service Attack
• IP spoofing is almost always used in denial of service attacks (DoS), in which attackers are concerned with consuming bandwidth and resources by flooding the target with as many packets as possible in a short amount of time. To effectively conduct the attack, attackers spoof source IP addresses to make tracing and stopping the DoS as difficult as possible. When multiple compromised hosts are participating in the attack, all sending spoofed traffic, it is very challenging to quickly block the traffic.

Spoofing Attacks:
• IP spoofing can also be a method of attack used by network intruders to defeat network security measures, such as authentication based on IP addresses. This method of attack on a remote system can be extremely difficult, as it involves modifying thousands of packets at a time. This type of attack is most effective where trust relationships exist between machines.
• For example, it is common on some corporate networks to have internal systems trust each other, so that a user can log in without a username or password provided they are connecting from another machine on the internal network (and so must already be logged in). By spoofing a connection from a trusted machine, an attacker may be able to access the target machine without authenticating.

SMURF ATTACK
• An ICMP ping packet with a spoofed IP source address is sent to a LAN, which broadcasts it to all hosts on the LAN.
• Each host sends a reply packet to the spoofed IP address, leading to denial of service.

Misconception of IP Spoofing:
A common misconception is that "IP spoofing" can be used to hide your IP address while surfing the Internet, chatting on-line, sending e-mail, and so forth.
This is generally not true. Forging the source IP address causes the responses to be misdirected, meaning you cannot create a normal network connection. However, IP spoofing is an integral part of many network attacks that do not need to see responses.

Impact
Current intruder activity in spoofing source IP addresses can lead to unauthorized remote root access to systems behind a filtering-router firewall. After gaining root access and taking over existing terminal and login connections, intruders can gain access to remote hosts.

Detection of IP Spoofing:
1. If you monitor packets using network-monitoring software such as netlog, look for a packet on your external interface that has both its source and destination IP addresses in your local domain. If you find one, you are currently under attack.
2. Another way to detect IP spoofing is to compare the process accounting logs between systems on your internal network. If the IP spoofing attack has succeeded on one of your systems, you may get a log entry on the victim machine showing a remote access; on the apparent source machine, there will be no corresponding entry for initiating that remote access.

Source Address Validation:
• Check the source IP address of IP packets
  • filter invalid source addresses
  • filter as close to the packet's origin as possible
  • filter as precisely as possible
• If no networks allow IP spoofing, we can eliminate these kinds of attacks

Close to the origin
• We can check and drop packets that have an unused source address anywhere, but addresses in used space can only be checked before aggregation.
[Figure: routers RT.a and RT.b with networks 10.0.0.0/23 and 10.0.3.0/24; packets with srcip: 10.0.0.1 and srcip: 0.0.0.0 are marked × ("You are spoofing!"), and one router comments "Hmm, this looks ok...but.."]

Prevention of IP spoofing
The best method of preventing the IP spoofing problem is to install a filtering router that restricts the input to your external interface (known as an input filter) by not allowing a packet through if it has a source address from your internal network. In addition, you should filter outgoing packets that have a source address different from your internal network in order to prevent a source IP spoofing attack originating from your site.

If your vendor's router does not support filtering on the inbound side of the interface, or if there will be a delay in incorporating the feature into your system, you may filter the spoofed IP packets by using a second router between your external interface and your outside connection. Configure this router to block, on the outgoing interface connected to your original router, all packets that have a source address in your internal network.

Prevention of IP Spoofing:
To prevent IP spoofing from happening in your network, the following are some common practices:
1- Avoid using source address authentication. Implement cryptographic authentication system-wide.
2- Configure your network to reject packets from the Net that claim to originate from a local address.
3- Implement ingress and egress filtering on the border routers and implement an ACL (access control list) that blocks private IP addresses on your downstream interface.
If you allow outside connections from trusted hosts, enable encryption sessions at the router.

Filtering
[Figure: Internet, host B, IDS, router/firewall and the networks 10.10.10.0 and 10.10.0.0, with two filter rules:]
if src_addr is from 10.10.0.0 then forward else drop
if src_addr is from 10.10.0.0 then drop else forward
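
The detection rule (local source and destination seen on the external interface) and the input/output filters described in the slides, as an added Python example that is not part of the original presentation. The /16 mask on 10.10.0.0, the `Packet` record, the interface labels, the list of invalid external sources and the sample packets are assumptions constructed for illustration.

```python
"""Border-router source-address checks run over constructed packet records."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Assumption: the slides name the internal network 10.10.0.0 without a mask;
# /16 is assumed here so that 10.10.10.0 falls inside it.
INTERNAL_NET = ipaddress.ip_network("10.10.0.0/16")

# Sources that should never appear on a packet arriving from the Internet:
# private ranges (the ACL advice in the slides) plus other special-purpose
# blocks such as 0.0.0.0/8, loopback, link-local, multicast and reserved.
INVALID_EXTERNAL_SOURCES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


@dataclass(frozen=True)
class Packet:
    interface: str  # where the router received it: "external" or "internal"
    src: str
    dst: str


def check(pkt: Packet) -> tuple[str, str]:
    """Return (action, reason) for one packet seen by the border router."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)

    if pkt.interface == "external":
        # Input filter: an internal source cannot legitimately arrive here.
        if src in INTERNAL_NET:
            if dst in INTERNAL_NET:
                # Detection rule from the slides: src and dst both local.
                return "drop", "spoof-alert: local src and dst on external interface"
            return "drop", "ingress: internal source on external interface"
        if any(src in net for net in INVALID_EXTERNAL_SOURCES):
            return "drop", "ingress: invalid source address"
        return "forward", "ingress: ok"

    if pkt.interface == "internal":
        # Output filter: only the site's own addresses may leave it.
        if src not in INTERNAL_NET:
            return "drop", "egress: source not in internal network"
        return "forward", "egress: ok"

    raise ValueError(f"unknown interface {pkt.interface!r}")


def evaluate(packets: list[Packet]) -> list[tuple[Packet, str, str]]:
    """Apply check() to every packet and keep the packet with its verdict."""
    return [(p, *check(p)) for p in packets]


def spoof_alerts(packets: list[Packet]) -> list[Packet]:
    """Packets matching the 'currently under attack' detection rule."""
    return [p for p, _, reason in evaluate(packets)
            if reason.startswith("spoof-alert")]


# Constructed sample traffic (not captured data). 10.10.10.1, 11.11.11.1 and
# 134.117.1.60 are the addresses used in the slides' own diagram.
SAMPLE_PACKETS = [
    Packet("external", "198.51.100.7", "10.10.10.5"),  # ordinary inbound
    Packet("external", "10.10.10.1", "10.10.10.5"),    # claims to be internal
    Packet("external", "0.0.0.0", "10.10.10.5"),       # unused source address
    Packet("external", "192.168.1.4", "10.10.10.5"),   # private source
    Packet("internal", "10.10.10.1", "134.117.1.60"),  # legitimate outbound
    Packet("internal", "11.11.11.1", "134.117.1.60"),  # spoofed outbound
]

if __name__ == "__main__":
    for pkt, action, reason in evaluate(SAMPLE_PACKETS):
        print(f"{pkt.interface:8} {pkt.src:>14} -> {pkt.dst:<14} {action:7} {reason}")
```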

More Related Content

What's hot (20)

Denial of service
Denial of serviceDenial of service
Denial of service
 
Email Spoofing.pptx
Email Spoofing.pptxEmail Spoofing.pptx
Email Spoofing.pptx
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle Attack
 
cryptography ppt free download
cryptography ppt free downloadcryptography ppt free download
cryptography ppt free download
 
Cryptography
CryptographyCryptography
Cryptography
 
Spoofing
SpoofingSpoofing
Spoofing
 
Network security
Network securityNetwork security
Network security
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
 
Cryptography
CryptographyCryptography
Cryptography
 
Man in the middle attack (mitm)
Man in the middle attack (mitm)Man in the middle attack (mitm)
Man in the middle attack (mitm)
 
Packet sniffers
Packet sniffersPacket sniffers
Packet sniffers
 
Ip spoofing & types of attachs using it
Ip spoofing & types of attachs using itIp spoofing & types of attachs using it
Ip spoofing & types of attachs using it
 
Basics of Denial of Service Attacks
Basics of Denial of Service AttacksBasics of Denial of Service Attacks
Basics of Denial of Service Attacks
 
Dos attack
Dos attackDos attack
Dos attack
 
Packet Sniffing
Packet SniffingPacket Sniffing
Packet Sniffing
 
Email phising and spoofing hurting your business
Email phising and spoofing hurting your businessEmail phising and spoofing hurting your business
Email phising and spoofing hurting your business
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
 
Ip spoofing attacks
Ip spoofing attacksIp spoofing attacks
Ip spoofing attacks
 
Cryptography
CryptographyCryptography
Cryptography
 
Phishing
PhishingPhishing
Phishing
 

Similar to Spoofing

342_IP_Spoofing.pptx
342_IP_Spoofing.pptx342_IP_Spoofing.pptx
342_IP_Spoofing.pptxRajeshArora97
 
Module 10 (session hijacking)
Module 10 (session hijacking)Module 10 (session hijacking)
Module 10 (session hijacking)Wail Hassan
 
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTHACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTDHRUV562167
 
Ethical hacking is a based on computer hacking
Ethical hacking is a based on computer hackingEthical hacking is a based on computer hacking
Ethical hacking is a based on computer hackingsxkkjbzq2k
 
Efficient packet marking for large scale ip trace back(synopsis)
Efficient packet marking for large scale ip trace back(synopsis)Efficient packet marking for large scale ip trace back(synopsis)
Efficient packet marking for large scale ip trace back(synopsis)Mumbai Academisc
 
Askozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, EnglishAskozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, EnglishAskozia
 
COUNTERMEASURE TOOL - CARAPACE FOR NETWORK SECURITY
COUNTERMEASURE TOOL - CARAPACE FOR NETWORK SECURITYCOUNTERMEASURE TOOL - CARAPACE FOR NETWORK SECURITY
COUNTERMEASURE TOOL - CARAPACE FOR NETWORK SECURITYIJNSA Journal
 
Recognizing security threats
Recognizing security threatsRecognizing security threats
Recognizing security threatsKishore Kumar
 

Similar to Spoofing (20)

spoofing.ppt
spoofing.pptspoofing.ppt
spoofing.ppt
 
IP Spoofing
IP SpoofingIP Spoofing
IP Spoofing
 
ip spoofing
ip spoofingip spoofing
ip spoofing
 
Hacking Cisco
Hacking CiscoHacking Cisco
Hacking Cisco
 
Presentation1
Presentation1Presentation1
Presentation1
 
IP spoofing .pptx
IP spoofing .pptxIP spoofing .pptx
IP spoofing .pptx
 
342_IP_Spoofing.pptx
342_IP_Spoofing.pptx342_IP_Spoofing.pptx
342_IP_Spoofing.pptx
 
Proposed Methods of IP Spoofing Detection & Prevention
Proposed Methods of IP Spoofing Detection & Prevention Proposed Methods of IP Spoofing Detection & Prevention
Proposed Methods of IP Spoofing Detection & Prevention
 
Network Security
Network SecurityNetwork Security
Network Security
 
Module 10 (session hijacking)
Module 10 (session hijacking)Module 10 (session hijacking)
Module 10 (session hijacking)
 
INTERNATIONAL INDEXED REFEREED RESEARCH PAPER
INTERNATIONAL INDEXED REFEREED RESEARCH PAPERINTERNATIONAL INDEXED REFEREED RESEARCH PAPER
INTERNATIONAL INDEXED REFEREED RESEARCH PAPER
 
31.ppt
31.ppt31.ppt
31.ppt
 
31.ppt
31.ppt31.ppt
31.ppt
 
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTHACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
 
Ethical hacking is a based on computer hacking
Ethical hacking is a based on computer hackingEthical hacking is a based on computer hacking
Ethical hacking is a based on computer hacking
 
Efficient packet marking for large scale ip trace back(synopsis)
Efficient packet marking for large scale ip trace back(synopsis)Efficient packet marking for large scale ip trace back(synopsis)
Efficient packet marking for large scale ip trace back(synopsis)
 
Askozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, EnglishAskozia VoIP Security white paper - 2017, English
Askozia VoIP Security white paper - 2017, English
 
Himanshupptx
HimanshupptxHimanshupptx
Himanshupptx
 
COUNTERMEASURE TOOL - CARAPACE FOR NETWORK SECURITY
COUNTERMEASURE TOOL - CARAPACE FOR NETWORK SECURITYCOUNTERMEASURE TOOL - CARAPACE FOR NETWORK SECURITY
COUNTERMEASURE TOOL - CARAPACE FOR NETWORK SECURITY
 
Recognizing security threats
Recognizing security threatsRecognizing security threats
Recognizing security threats
 

More from Greater Noida Institute Of Technology

More from Greater Noida Institute Of Technology (20)

Airline Analysis of Data Using Hadoop
Airline Analysis of Data Using HadoopAirline Analysis of Data Using Hadoop
Airline Analysis of Data Using Hadoop
 
College Administration Management System
College Administration Management System College Administration Management System
College Administration Management System
 
Web security
Web securityWeb security
Web security
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
Viruses worms
Viruses wormsViruses worms
Viruses worms
 
Sentimental Analysis of twitter data .
Sentimental Analysis of twitter data .Sentimental Analysis of twitter data .
Sentimental Analysis of twitter data .
 
Hacking Question and Answer
Hacking Question and Answer Hacking Question and Answer
Hacking Question and Answer
 
Security tools
Security toolsSecurity tools
Security tools
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Hacking and its Defence
Hacking and its DefenceHacking and its Defence
Hacking and its Defence
 
BroadBand Over powerline .
BroadBand Over powerline .BroadBand Over powerline .
BroadBand Over powerline .
 
Modern Networking Hacking
Modern Networking HackingModern Networking Hacking
Modern Networking Hacking
 
Network security
Network securityNetwork security
Network security
 
Lifi Technology
Lifi TechnologyLifi Technology
Lifi Technology
 
Hack wireless internet connections or wifi
Hack wireless internet connections or wifiHack wireless internet connections or wifi
Hack wireless internet connections or wifi
 
Hacking step (Methodology)
Hacking step (Methodology)Hacking step (Methodology)
Hacking step (Methodology)
 
Hacking In Detail
Hacking In DetailHacking In Detail
Hacking In Detail
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
How to become Hackers .
How to become Hackers .How to become Hackers .
How to become Hackers .
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 

Recently uploaded

Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Suman Mia
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSRajkumarAkumalla
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxupamatechverse
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 

Recently uploaded (20)

Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
What are the advantages and disadvantages of membrane structures.pptx

Spoofing

  • 1. Intrusion Detection and Hackers Exploits: IP Spoofing Attack (ANAND KUMAR MISHRA)
  • 2. IP spoofing: IP spoofing is a technique used to gain unauthorized access to computers, whereby the attacker sends messages to a computer with a forged IP address indicating that the message is coming from a trusted host. The attacker puts an internal, or trusted, IP address as its source. The access control device sees the IP address as trusted and lets it through.
  • 3. IP Spoofing: IP spoofing occurs when a hacker inside or outside a network impersonates the conversations of a trusted computer. Two general techniques are used during IP spoofing: (1) a hacker uses an IP address that is within the range of trusted IP addresses; (2) a hacker uses an authorized external IP address that is trusted. Uses for IP spoofing include the following: (1) IP spoofing is usually limited to the injection of malicious data or commands into an existing stream of data; (2) if a hacker changes the routing tables to point to the spoofed IP address, the hacker can receive all the network packets that are addressed to the spoofed address and reply just as any trusted user can.
  • 4. Basic Concept of IP Spoofing [diagram]: host A (10.10.10.1) requests http://www.carleton.ca (134.117.1.60). Normal packet: src_IP 10.10.10.1, dst_IP 134.117.1.60, src_port any (>1024), dst_port 80. Spoofed packet: src_IP 11.11.11.1, dst_IP 134.117.1.60, src_port any (>1024), dst_port 80.
  • 6. Why is IP spoofing easy? The problem lies with the routers. Routers look at destination addresses only. Authentication is based on source addresses only. Changing the source address field in the IP header is easy.
  • 7. Spoofing Attacks: There are a few variations on the types of attacks that use IP spoofing. Spoofing is classified into: 1. Non-blind spoofing. This attack takes place when the attacker is on the same subnet as the target and can see the sequence and acknowledgement numbers of packets. The spoofing is used to interfere with a connection that sends packets along your subnet.
  • 8. Spoofing Attacks [diagram: impersonation]: the sender sends an IP-spoofed packet (src: partner, dst: victim) to the victim. Victim: "Oh, my partner sent me a packet. I'll process this."
  • 9. IP Spoofing [diagram]: trusted host A, host B and an intruder. Three-way handshake: SYN(A); ACK(A+1), SYN(B); ACK(B+1).
  • 10. Spoofing Attacks: 2. Blind spoofing. This attack may take place from outside, where sequence and acknowledgement numbers are unreachable. Attackers usually send several packets to the target machine in order to sample sequence numbers, which was doable in the older days. The spoofing is used to interfere with a connection (or to create one) that does not send packets along your cable.
  • 11. Spoofing Attacks [diagram: flooding attack]: the sender sends IP-spoofed packets (src: random, dst: victim) to the victim. Victim: "Oops, many packets are coming. But, who is the real source?"
  • 12. Spoofing Attacks: 3. Man-in-the-middle attack. This is also called connection hijacking. In this attack, a malicious party intercepts a legitimate communication between two hosts to control the flow of communication and to eliminate or alter the information sent by one of the original participants without their knowledge.
  • 13. Spoofing Attacks [diagram: reflection]: the sender sends an IP-spoofed packet (src: victim, dst: reflector) to the reflector; the reflector sends a reply packet (src: reflector, dst: victim) to the victim. Victim: "Oops, a lot of replies without any request…"
  • 14. Spoofing Attacks: 4. Denial of service attack. IP spoofing is almost always used in denial of service (DoS) attacks, in which attackers are concerned with consuming bandwidth and resources by flooding the target with as many packets as possible in a short amount of time. To conduct the attack effectively, attackers spoof source IP addresses to make tracing and stopping the DoS as difficult as possible. When multiple compromised hosts are participating in the attack, all sending spoofed traffic, it is very challenging to quickly block the traffic.
  • 15. Spoofing Attacks: IP spoofing can also be a method of attack used by network intruders to defeat network security measures, such as authentication based on IP addresses. This method of attack on a remote system can be extremely difficult, as it involves modifying thousands of packets at a time. This type of attack is most effective where trust relationships exist between machines. For example, it is common on some corporate networks to have internal systems trust each other, so that a user can log in without a username or password provided they are connecting from another machine on the internal network (and so must already be logged in). By spoofing a connection from a trusted machine, an attacker may be able to access the target machine without authenticating.
  • 16. Smurf Attack: An ICMP ping packet with a spoofed IP source address is sent to a LAN, which broadcasts it to all hosts on the LAN. Each host sends a reply packet to the spoofed IP address, leading to denial of service.
  • 17. Misconception of IP Spoofing: A common misconception is that "IP spoofing" can be used to hide your IP address while surfing the Internet, chatting on-line, sending e-mail, and so forth. This is generally not true. Forging the source IP address causes the responses to be misdirected, meaning you cannot create a normal network connection. However, IP spoofing is an integral part of many network attacks that do not need to see responses.
  • 18. Impact: Current intruder activity in spoofing source IP addresses can lead to unauthorized remote root access to systems behind a filtering-router firewall. After gaining root access and taking over existing terminal and login connections, intruders can gain access to remote hosts.
  • 19. Detection of IP Spoofing: 1. If you monitor packets using network-monitoring software such as netlog, look for a packet on your external interface that has both its source and destination IP addresses in your local domain. If you find one, you are currently under attack.
  • 20. Detection of IP Spoofing: 2. Another way to detect IP spoofing is to compare the process accounting logs between systems on your internal network. If the IP spoofing attack has succeeded on one of your systems, you may get a log entry on the victim machine showing a remote access; on the apparent source machine, there will be no corresponding entry for initiating that remote access.
  • 21. Source Address Validation: Check the source IP address of IP packets; filter invalid source addresses; filter as close to the packet's origin as possible; filter as precisely as possible. If no networks allow IP spoofing, we can eliminate these kinds of attacks.
  • 22. Close to the origin: Packets that have an unused source address can be checked and dropped everywhere, but used address space can be checked before aggregation. [Diagram: networks 10.0.0.0/23 and 10.0.3.0/24 with routers RT.a and RT.b; packets with srcip 10.0.0.1 and srcip 0.0.0.0 are marked × with "You are spoofing!", and one check is captioned "Hmm, this looks ok...but.."]
  • 23. Prevention of IP spoofing: The best method of preventing the IP spoofing problem is to install a filtering router that restricts the input to your external interface (known as an input filter) by not allowing a packet through if it has a source address from your internal network. In addition, you should filter outgoing packets that have a source address different from your internal network in order to prevent a source IP spoofing attack originating from your site.
  • 24. Prevention of IP spoofing: If your vendor's router does not support filtering on the inbound side of the interface, or if there will be a delay in incorporating the feature into your system, you may filter the spoofed IP packets by using a second router between your external interface and your outside connection. Configure this router to block, on the outgoing interface connected to your original router, all packets that have a source address in your internal network.
  • 25. Prevention of IP Spoofing: To prevent IP spoofing from happening in your network, the following are some common practices: 1- Avoid using source address authentication; implement cryptographic authentication system-wide. 2- Configure your network to reject packets from the Net that claim to originate from a local address. 3- Implement ingress and egress filtering on the border routers, and implement an ACL (access control list) that blocks private IP addresses on your downstream interface. If you allow outside connections from trusted hosts, enable encryption sessions at the router.
  • 26. Filtering [diagram]: Internet, IDS, router, firewall, host B, networks 10.10.10.0 and 10.10.0.0. Filter rules shown: "if src_addr is from 10.10.0.0 then forward else drop" and "if src_addr is from 10.10.0.0 then drop else forward".
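
The input and output filters from slides 21 to 26, together with the detection sign from slide 19, can be written as one decision function. This is an added example, not part of the original deck; the /16 prefix for 10.10.0.0, the interface names and the sample packets are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: the slide's internal network "10.10.0.0" is treated as a /16.
INTERNAL_NET = ipaddress.ip_network("10.10.0.0/16")


@dataclass(frozen=True)
class Packet:
    iface: str  # interface the packet arrived on: "external" or "internal"
    src: str
    dst: str


def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL_NET


def border_filter(pkt):
    """Return (action, reason) for one packet seen at the border router."""
    if pkt.iface not in ("external", "internal"):
        raise ValueError(f"unknown interface: {pkt.iface!r}")
    if ipaddress.ip_address(pkt.src).is_unspecified:
        # An unused source such as 0.0.0.0 can be dropped at any router.
        return "drop", "unused-source"
    src_in, dst_in = is_internal(pkt.src), is_internal(pkt.dst)
    if pkt.iface == "external":
        # Input filter: traffic from outside must not claim an inside source.
        if src_in and dst_in:
            return "drop", "spoof-indicator"  # the detection sign from slide 19
        if src_in:
            return "drop", "ingress-internal-source"
        return "forward", "ok"
    # Egress filter: traffic leaving the site must carry an inside source.
    if not src_in:
        return "drop", "egress-foreign-source"
    return "forward", "ok"


# Constructed sample traffic; 10.10.10.1, 11.11.11.1 and 134.117.1.60 are the
# addresses from the deck's "Basic Concept" slide, the rest are documentation
# addresses chosen for this example.
SAMPLES = [
    Packet("internal", "10.10.10.1", "134.117.1.60"),
    Packet("internal", "11.11.11.1", "134.117.1.60"),
    Packet("external", "198.51.100.7", "10.10.10.5"),
    Packet("external", "10.10.10.1", "10.10.10.5"),
    Packet("external", "10.10.10.1", "203.0.113.9"),
    Packet("external", "0.0.0.0", "10.10.10.5"),
]


def classify(packets):
    return [(p.src, p.dst, *border_filter(p)) for p in packets]


def spoof_alerts(packets):
    """Packets matching the slide-19 sign: internal src and dst, seen outside."""
    return [p for p in packets if border_filter(p)[1] == "spoof-indicator"]


if __name__ == "__main__":
    for row in classify(SAMPLES):
        print(*row, sep="\t")
```

The second sample is the spoofed packet from slide 4: with the egress rule in place it is dropped before it leaves the site, which is the "filter as close to the origin as possible" point of slide 21.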

Editor's Notes

  1. 1- The creation of IP packets with counterfeit (spoofed) IP source addresses. 2- A method of attack used by network intruders to defeat network security measures such as authentication based on IP addresses. There are attacks where the attacker “spoofs” the source IP address of a “trusted” IP address to slip by security measures in the network. This attack uses the trust relationships established by IP addresses that are considered trusted (usually internal) versus untrusted
  2. An IP spoofing attack occurs when an attacker outside your network pretends to be a trusted user, either by using an IP address that is within the range of IP addresses for your network or by using an authorized external IP address that you trust and to which you want to provide access to specified resources on your network. Should an attacker get access to your IPSec security parameters, that attacker can masquerade as the remote user authorized to connect to the corporate network.
  3. The threat of this type of spoofing is session hijacking, and an attacker could bypass any authentication measures put in place to build the connection. This is accomplished by corrupting the data stream of an established connection, then re-establishing it based on correct sequence and acknowledgement numbers with the attack machine.
  4. Session hijack or reset. TCP session hijacking: send RST packet with spoofed source IP address and appropriate sequence number to one end; SYN-flood that end; send ACK packets to target at other end.
  5. Today, most OSs implement random sequence number generation, making it difficult to predict them accurately. If, however, the sequence number was compromised, data could be sent to the target.
  6. hide
  7. A type of attack where a user gets between the sender and receiver of information and sniffs any information being sent. In some cases, users may be sending unencrypted data, which means the man-in-the-middle can easily obtain any unencrypted information. In other cases, a user may be able to obtain the information from the attack but have to decrypt the information before it can be read.
  8. IP reflected attack
  9. ICMP datagrams • ICMP (Internet Control Message Protocol) datagrams are signaling messages, encapsulated within IP datagrams, used by the network layer to notify special events such as destinations unreachable, redirection, congestion control, testing network connectivity and others.
  10. We can monitor packets using network-monitoring software. A packet on an external interface that has both its source and destination IP addresses in the local domain is an indication of IP spoofing. Another way to detect IP spoofing is to compare the process accounting logs between systems on your internal network. If the IP spoofing attack has succeeded on one of your systems, you may get a log entry on the victim machine showing a remote access; on the apparent source machine, there will be no corresponding entry for initiating that remote access.
  11. For this purpose, you can use a filtering router or a UNIX system with two interfaces that supports packet filtering. Disabling source routing at the router does not protect you from this attack, but it is still good security practice to do so.
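
The log comparison described in slide 20 and note 10 can be automated by pairing each inbound remote-access record with an outbound record on the host it claims to come from. This is an added example, not part of the original deck; the record format, host names and 30-second clock-skew window are constructed for illustration and stand in for whatever accounting records your hosts keep.

```python
from datetime import datetime, timedelta

# Constructed sample records: timestamp, logging host, direction, peer, user.
LOGS = """\
2024-05-01T10:15:01 hostA OUT to=hostB user=alice
2024-05-01T10:15:02 hostB IN from=hostA user=alice
2024-05-01T11:39:00 hostA OUT to=hostC user=root
2024-05-01T11:40:10 hostB IN from=hostA user=root
2024-05-01T12:05:30 hostC IN from=hostD user=bob
"""

MAX_SKEW = timedelta(seconds=30)  # assumed tolerance for clock differences


def parse(text):
    """Turn the constructed log text into a list of record dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, direction, peer_kv, user_kv = line.split()
        records.append({
            "time": datetime.fromisoformat(ts),
            "host": host,
            "dir": direction,
            "peer": peer_kv.split("=", 1)[1],
            "user": user_kv.split("=", 1)[1],
        })
    return records


def unmatched_inbound(records, max_skew=MAX_SKEW):
    """Return (victim, claimed_source, user, verdict) for suspicious logins."""
    outbound = [r for r in records if r["dir"] == "OUT"]
    hosts_with_logs = {r["host"] for r in records}
    findings = []
    for r in records:
        if r["dir"] != "IN":
            continue
        if r["peer"] not in hosts_with_logs:
            # No logs collected from the claimed source: cannot decide.
            findings.append((r["host"], r["peer"], r["user"], "unverifiable"))
            continue
        matched = any(
            o["host"] == r["peer"]
            and o["peer"] == r["host"]
            and o["user"] == r["user"]
            and abs(o["time"] - r["time"]) <= max_skew
            for o in outbound
        )
        if not matched:
            # Victim saw a login, apparent source never initiated one.
            findings.append((r["host"], r["peer"], r["user"], "no-origin-record"))
    return findings


if __name__ == "__main__":
    for finding in unmatched_inbound(parse(LOGS)):
        print(*finding)
```

A "no-origin-record" result is the mismatch the slide describes; "unverifiable" only means the claimed source's logs were not available for comparison.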