Introduction to HP OpenView Project at INAC - PowerPoint PPT Presentation

Slides: 28
Provided by: want
Transcript and Presenter's Notes


1

IP Spoofing Attacks & Defenses
Tao Wan
Digital Security Group, School of Computer Science, Carleton University
Oct 30, 2003
2
Outline
  • Introduction
  • IP Spoofing Attacks
  • IP Spoofing Defenses
  • Concluding Remarks

3
Introduction
4
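Protocol Stacks
[Figure: protocol stack diagram with the OSI Model; labels: HTTP, SNMP, 802.3, 802.11, others]
5
Protocol Stacks
[Figure: protocol stack diagram; labels: HTTP, SNMP, 802.3, 802.11, others]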
6
Data Transmissions
[Figure: data passing between hosts A and B; layers on each host: Application, TCP/UDP, IP, Data link/physical; routing at the IP layer]
7
IP Header
8
TCP Header
9
Security Services
  • Entity Authentication
      • What do you know
      • What do you have
      • What do you inherit
  • Integrity
      • Message authentication
  • Confidentiality
      • Encryption

10
IP Spoofing Attacks
11
IP Spoofing Attacks
  • IP Spoofing
  • DoS by Ping
  • TCP SYN Flooding
  • Session Hijacking

12
IP Spoofing
[Figure: labels: http://www.carleton.ca, spoofing]
13
IP Spoofing Attacks: Smurf IP DoS
[Figure: hosts A and V; label: ICMP Echo Reply, Source T1, Dest V]
14
Mail Address Spoofing Attacks: Mail-bombs
[Figure: A sends a catalog request, a phonebook request and pizza orders, each with return address V; recipients shown: Sears, Canadian Tire, Bell Canada, Boston Pizza; V is the victim]
15
IP Spoofing Attacks: TCP 3-Way Handshake
[Figure: handshake between A and B: TCP SYN (half-open buffer), TCP SYN/ACK, TCP ACK (open buffer)]
Half-open buffer has limited size
Half-open connection has a timer associated with
16
IP Spoofing Attacks: TCP SYN Flooding (DDoS)
[Figure: hosts A, B, C, D, E, F, G, H, I, J and victim V; label: Half-open buffer is full]
17
IP Spoofing Defenses
18
IP Spoofing Defenses
  • It is a VERY hard problem
  • Ingress/Egress Filtering
  • IP Authentication (IPsec AH)
  • Cryptographically Generated Address (CGA)

19
IP Spoofing Defenses: Ingress/Egress Filtering
[Figure: networks 10.10.0.0 and 10.10.10.0, with these filter rules at the points shown]
if src_addr is from 10.10.0.0 then drop else forward
if src_addr is from 10.10.10.0 then forward else drop
if src_addr is from 10.10.0.0 then forward else drop
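The three filter rules on this slide, applied to constructed packets to show which spoofed sources they stop and which they let through. This is an added example, not part of the original presentation; the /16 and /24 prefix lengths, the filtering-point names and the sample addresses are assumptions.

```python
import ipaddress

# Assumed prefix lengths; the slide names only 10.10.0.0 and 10.10.10.0.
SITE = ipaddress.ip_network("10.10.0.0/16")
SUBNET = ipaddress.ip_network("10.10.10.0/24")

# Hypothetical point names -> (network, "then" verdict, "else" verdict) from the slide.
RULES = {
    "internet->site": (SITE, "drop", "forward"),    # ingress at the site border
    "subnet->site": (SUBNET, "forward", "drop"),    # egress from 10.10.10.0
    "site->internet": (SITE, "forward", "drop"),    # egress from 10.10.0.0
}

def decide(point, src_addr):
    """Apply one slide rule to a packet's claimed source address."""
    net, then, otherwise = RULES[point]
    try:
        inside = ipaddress.ip_address(src_addr) in net
    except ValueError:
        return "drop"  # malformed source address: fail closed
    return then if inside else otherwise

def trace(path, src_addr):
    """Return the first filtering point that drops the packet, or 'delivered'."""
    for point in path:
        if decide(point, src_addr) == "drop":
            return "dropped at " + point
    return "delivered"

OUT_FROM_SUBNET = ["subnet->site", "site->internet"]
OUT_FROM_SITE = ["site->internet"]
INBOUND = ["internet->site"]
# Constructed packets: (sender and claimed source, path, claimed source address)
SAMPLE = [
    ("subnet host, real source", OUT_FROM_SUBNET, "10.10.10.5"),
    ("subnet host, outside source", OUT_FROM_SUBNET, "192.0.2.7"),
    ("subnet host, other site source", OUT_FROM_SUBNET, "10.10.20.9"),
    ("other site host, subnet source", OUT_FROM_SITE, "10.10.10.5"),
    ("outside host, site source", INBOUND, "10.10.10.5"),
    ("outside host, other outside source", INBOUND, "198.51.100.9"),
]

def results():
    return {desc: trace(path, src) for desc, path, src in SAMPLE}

if __name__ == "__main__":
    for desc, verdict in results().items():
        print(f"{desc:36} {verdict}")
```

The two "delivered" verdicts for spoofed sources show the limit of prefix filtering: a filter only constrains the source to the prefix it guards, so spoofing within that prefix, or between outside addresses, still passes.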
20
IP Spoofing Defenses: IPSec (???)
  • Two Protocols
      • Authentication Header (AH)
      • Encapsulating Security Payload
  • Two Modes
      • Transport Mode
      • Tunnel Mode

21
IP Spoofing Defenses: IP Authentication Header (AH)
22
IP Spoofing Defenses: IP Authentication Header (AH)
23
IP Spoofing Defenses: IPSec (???)
  • Data Origin Authentication
  • IP address is not modified en route
  • Is it a real or spoofed IP?
  • Message Integrity
  • Replay Prevention

24
IP Spoofing Defenses: Cryptographically Generated Address (CGA), IPv6
25
IP Spoofing Defenses: Cryptographically Generated Address (CGA), IPv6
  • How about IPv4?
  • Does everyone have a pair of private/public keys
    (authenticated)?
  • DoS by engaging a recipient in an endless
    process of verifying CGAs

26
Concluding Remarks
  • IP spoofing is a common technique for attacks
  • There is not too much we can do about it

27
Thanks!