IP Spoofing - PowerPoint PPT Presentation

About This Presentation
Title:

IP Spoofing

Description:

IP Spoofing BY ASHISH KUMAR BT IT UNDER GUIDANCE OF MRS.ASHA JYOTI IP SPOOFING ? IP Spoofing is a technique used to gain unauthorized access to computers. – PowerPoint PPT presentation

Number of Views:4056
Avg rating:3.0/5.0
Slides: 25
Provided by: ash788
Category:

less

Transcript and Presenter's Notes

Title: IP Spoofing


1
IP Spoofing


  • BY
  • ASHISH KUMAR
  • BT
    IT
  • UNDER GUIDANCE
    OF
  • MRS.ASHA
    JYOTI


2
IP SPOOFING ?
  • IP Spoofing is a technique used to gain
    unauthorized access to computers.
  • IP Internet Protocol
  • Spoofing using somebody elses information
  • Exploits the trust relationships
  • Intruder sends messages to a computer with an IP
    address of a trusted host.

3
IP SPOOFING
4
WHY IP SPOOFING IS EASY ?
  • Problem with the Routers.
  • Routers look at Destination addresses only.
  • Authentication based on Source addresses only.
  • To change source address field in IP header field
    is easy

5
IP SPOOFING STEPS
  • Selecting a target host (the victim)
  • Identify a host that the target trust
  • Disable the trusted host, sampled the targets
    TCP sequence
  • The trusted host is impersonated and the ISN
    forged.
  • Connection attempt to a service that only
    requires address-based authentication.
  • If successfully connected, executes a simple
    command to leave a backdoor.

6
Spoofing Attacks
  • Spoofing is classified into -
  • 1. Non-blind spoofing
  • This attack takes place when the attacker is
    on the same subnet as the target that could see
    sequence and acknowledgement of packets.

7
CONTD
  • 2. Blind spoofing
  • This attack may take place from outside where
    sequence and acknowledgement numbers are
    unreachable. Attackers usually send several
    packets to the target machine in order to sample
    sequence numbers, which is doable in older days .

8
COTND
  • 3. Denial of Service Attack
  • IP spoofing is almost always used in denial
  • of service attacks (DoS), in which attackers
  • are concerned with consuming bandwidth
  • and resources by flooding the target with as
  • many packets as possible in a short amount
  • of time.

9
CONTD
  • 4. SMURF ATTACK
  • Send ICMP ping packet with spoofed IP source
    address to a LAN which will broadcast to all
    hosts on the LAN
  • Each host will send a reply packet to the spoofed
    IP address leading to denial of service

10
CONTD
  • 5. Man - in - the middle
  • Packet sniffs on link between the two
  • endpoints, and therefore can pretend to
  • be one end of the connection.

11
Detection of IP Spoofing
  • 1. If you monitor packets using
    network-monitoring software such as netlog, look
    for a packet on your external interface that has
    both its source and destination IP addresses in
    your local domain. If you find one, you are
    currently under attack.

12
Detection of IP Spoofing
  • 2. Another way to detect IP spoofing is to
    compare the process accounting logs between
    systems on your internal network. If the IP
    spoofing attack has succeeded on one of your
    systems, you may get a log entry on the victim
    machine showing a remote access on the apparent
    source machine, there will be no corresponding
    entry for initiating that remote access .

13
IP-Spoofing Counter-measures
  • No insecure authenticated services
  • Disable commands like ping
  • Use encryption
  • Strengthen TCP/IP protocol
  • Firewall
  • IP trace back

14
IP Trace-back
  • To trace back as close to the attackers location
    as possible
  • Limited in reliability and efficiency
  • Require cooperation of many other network
    operators along the routing path
  • Generally does not receive much attention from
    network operators

15
Misconception of IP Spoofing
  • A common misconception is that "IP Spoofing" can
  • be used to hide your IP address while surfing the
  • Internet, chatting on-line, sending e-mail, and
    so
  • forth.
  • This is generally not true. Forging the source IP
  • address causes the responses to be misdirected,
  • meaning you cannot create a normal network
  • connection. However, IP spoofing is an integral
    part of
  • many networks that do not need to see responses.

16
IP-Spoofing Facts
  • IP protocol is inherently weak
  • Makes no assumption about sender/recipient
  • Nodes on path do not check senders identity
  • There is no way to completely eliminate IP
    spoofing
  • Can only reduce the possibility of attack

17
Applications
  • Asymmetric routing (Splitting routing)
  • SAT DSL
  • NAT
  • IP Masquerade

18
ADVANTAGES
  • Multiple Servers
  • Sometimes you want to change where packets
    heading into your network will go. Frequently
    this is because you have only one IP address, but
    you want people to be able to get into the boxes
    behind the one with the real' IP address.

19
ADVANTAGES
  • Transparent Proxying
  • Sometimes you want to pretend that each packet
    which passes through your Linux box is destined
    for a program on the Linux box itself. This is
    used to make transparent proxies a proxy is a
    program which stands between your network and the
    outside world, shuffling communication between
    the two. The transparent part is because your
    network won't even know it's talking to a proxy,
    unless of course, the proxy doesn't work.

20
DISADVANTAGES
  • Blind to Replies
  • A drawback to ip source address spoofing is
    that reply packet will go back to the spoofed ip
    address rather than to the attacker. This is fine
    for many type of attack packet. However in the
    scanning attack as we will see next the attacker
    may need to see replies .in such cases ,the
    attacker can not use ip address spoofing .

21
DISADVANTAGE
  • Serial attack platforms
  • However, the attacker can still maintain
    anonymity by taking over a chain of attack hosts.
    The attacker attacks the target victim using a
    point host-the last host in the attack chain
    .Even if authorities learn the point hosts
    identity .They might not be able to track the
    attack through the chain of attack hosts all the
    way back to the attackers base host.

22
CONCLUSION
  • IP spoofing attacks is unavoidable.
  • Understanding how and why spoofing attacks are
    used, combined with a few simple prevention
    methods, can help protect your network from these
    malicious cloaking and cracking techniques.

23
References
  • IP-spoofing Demystified (Trust-Relationship
    Exploitation), www.networkcommand.com/docs/ipspoof
    .txt
  • Introduction to IP Spoofing, Victor Velasco,
    www.sans.org/rr/threats/intro_spoofing.php
  • Internet Vulnerabilities Related to TCP/IP and
    T/TCP, ACM SIGCOMM, Computer Communication Review
  • IP Spoofing, www.linuxgazette.com/issue63/sharma.h
    tml
  • FreeBSD IP Spoofing, www.securityfocus.com/advisor
    ies/2703
  • IP Spoofing Attacks and Hijacked Terminal
    Connections, www.cert.org/advisories/CA-1995-01.ht
    ml
  • Network support for IP trace-back
  • Web Spoofing. An Internet Con Game,
    http//bau2.uibk.ac.at/matic/spoofing.htm

24
  • THANK YOU !
Write a Comment
User Comments (0)
About PowerShow.com