IP SPOOFING: A Hacking Technique - PowerPoint PPT Presentation

1 / 21
About This Presentation
Title:

IP SPOOFING: A Hacking Technique

Description:

IP SPOOFING: A Hacking Technique TOPICS What is TCP/IP TCP\IP protocol architecture What is IP & TCP TCP\IP Protocol working What is IP Spoofing & its working IP ... – PowerPoint PPT presentation

Number of Views:531
Avg rating:3.0/5.0
Slides: 22
Provided by: Kev105
Category:

less

Transcript and Presenter's Notes

Title: IP SPOOFING: A Hacking Technique


1
IP SPOOFING A Hacking Technique

2
TOPICS
  • What is TCP/IP
  • TCP\IP protocol architecture
  • What is IP TCP
  • TCP\IP Protocol working
  • What is IP Spoofing its working
  • IP Spoofing Examples
  • IP Spoofing Attacks
  • Uses of IP Spoofing
  • Stopping Methods Of Spoofing
  • IP Spoofing is still developing
  • Conclusion
  • References

3
What is TCP/IP
  • General use of term TCP/IP describes the
    Architecture upon which the Internet is built.
  • TCP/IP are specific protocols within that
    architecture.

4
TCP/IP PROTOCOL ARCHITECTURE
Application
Transport
TCP
Internet
IP
Data Link
Physical
5
What is IP
  • IP is the Internet protocol used in Internet
    layer.
  • It does not guarantee delivery or ordering, only
    it move packets from a source address to a
    destination address.
  • IP addresses are used to express the source and
    destination.
  • IP assumes that each address is unique within the
    network.

6
What is TCP
  • TCP is the Transmission Control Protocol used in
    Transport layer.
  • It guarantees delivery and ordering, but depends
    upon IP to move packets to proper destination.
  • Port numbers are used to express source and
    destination.
  • Destination Port is assumed to be awaiting
    packets of data.

7
TCP/IP PROTOCOL WORKING
Client Using Mozilla
Some Web Server
HTTP - GET
Application
Application
Transport
Transport
TCP Port 80
Internet
Internet
IP 10.24.1.1
Data Link
Data Link
MAC 001122334455
Physical
Physical
1101001001110100110100110101
8
What is IP SPOOFING
  • IP spoofing is the creation of TCP/IP packets
    with
  • somebody else's IP address in the header.
  • Routers use the destination IP address to forward
    packets, but ignore the source IP address.
  • The source IP address is used only by the
    destination
  • machine, when it responds back to the
    source.
  • When an attacker spoofs someones IP address, the
  • victims reply goes back to that address.
  • Because the source address is not the same as the
    attackers address, any replies generated by the
    destination will not be sent to the attacker.
  • Since the attacker does not receive packets back,
    this is called a one-way attack or blind
    spoofing.

9
  • To see the return packets, the attacker must
    intercept them.
  • Attacker must have an alternate way to spy on
    traffic/predict responses.
  • To maintain a connection, Attacker must fulfill
    the protocol requirements
  • Attacker normally within a LAN/on the
    communication path between server and client.
  • Attacker is not blind, since the he can see
    traffic from both server and client.

10
Steps for SPOOFING IP
  • IP spoofing Technique consists of these steps
  • Selecting a target host (the victim).
  • Identifying a host that has a "trust"
    relationship with the target. This can be
    accomplished by looking at the traffic of the
    target host. There cannot be an attack if the
    target does not trust anyone.
  • The trusted host is then disabled using SYN
    flooding and the targets TCP sequence numbers
    are sampled.

11
  • A connection attempt is made to a service that
    only requires address-based authentication (no
    user id or password).
  • If a successful connection is made, the attacker
    executes a simple command to leave a backdoor.
    This allows for simple re-entries in a
    non-interactive way for the attacker.

12
Establishing a TCP Connection
13
IP Spoofing Example A Valid Source IP
14
IP Spoofing Example A Spoofed Source IP
15
Actually what happens?
Alice
Bob
2. Eve can monitor traffic between Alice and Bob
without altering the packets or sequence numbers.
Im Bob!
Im Alice!
1. Eve assumes a man-in-the-middle position
through some mechanism. For example, Eve could
use Arp Poisoning, social engineering, router
hacking etc...
3. At any point, Eve can assume the identity of
either Bob or Alice through the Spoofed IP
address. This breaks the pseudo connection as
Eve will start modifying the sequence numbers
Eve
16
IP SPOOFING ATTACKS
  • Attacks using IP spoofing includes
  • Manin-the-middle (MITM) packet sniffs on link
    between the two endpoints, and therefore can
    pretend to be one end of the connection.
  • Routing re-direct redirects routing information
    from the original host to the attackers host (a
    variation on the man-in the-middle attack).
  • Source routing The attacker redirects individual
    packets by the hackers host.
  • Smurfing ICMP packet spoofed to originate from
    the victim, destined for the broadcast adress,
    causing all hosts on the network to respond to
    the victim at once. This congests network
    bandwidth, floods the victim, and causes a loop
    at the victim.

17
USES OF SPOOFING
  • IP spoofing is most frequently used in
    denial-of-service attacks.
  • In such attacks, the goal is to flood the victim
    with large amounts of traffic, and the attacker
    does not care about receiving responses to his
    attack packets.
  • Packets with spoofed address are more difficult
    to filter since each spoofed packet appears to
    come from a different address, and they hide the
    true source of the attack.
  • Denial of service attacks that use spoofing
    typically randomly choose addresses from the
    entire IP address space
  • This mechanisms might avoid unroutable addresses
    or unused portions of the IP address space.
  • IP spoofing can also be a method of attack used
    by network intruders to defeat network security
    measures, such as authentication based on IP
    addresses.
  • By spoofing a connection from a trusted machine,
    an attacker may be able to access the target
    machine without authenticating.

18
STOPPING OF SPOOFING ATTACKS
  • Encryption
  • Disable Ping
  • More secure authentication
  • Good random number generator
  • Shorten time-out value in TCP/IP requests
  • Firewall

19
IP Spoofing is still developing
  • IP spoofing is still possible today, but has to
    develop in the face of growing security.
  • New techniques includes a method of using IP
    spoofing to perform remote scans and determine
    the Sequence number
  • This allows a session Hijack attack even if the
    Attacker is blind

20
CONCLUSION
  • IP Spoofing is an old school Hacker trick that
    continues to evolve.
  • Can be used for a wide variety of purposes.
  • This will continue to represent a threat as long
    as each layer continues to trust each other and
    people are willing to destroy that trust.

21
REFERENCES
  • http//www.google.com
  • http//en.wikipedia.org
  • http//www.securityfocus.com
  • http//www.encyclopedia.com
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "IP SPOOFING: A Hacking Technique" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!