Spoofing Basics Presentation developed by A.F.M Bakabillah Cyber Security and Networking Consultant MCSA: Messaging, MCSE RHCE ITIL CEH.


Definition - What does Spoofing mean?
Spoofing, in general, is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver. Spoofing is most prevalent in communication mechanisms that lack a high level of security. In short, spoofing is "The False Digital Identity".

Types of Spoofing: IP Spoofing
Internet Protocol (IP) is the protocol used for transmitting messages over the Internet; it is a network protocol operating at layer 3 of the OSI model. IP spoofing is the act of manipulating the headers in a transmitted message to mask a hacker's true identity so that the message appears to come from a trusted source.

Types of Spoofing: IP Spoofing - Attacks
Man-in-the-Middle attack
In a Man-in-the-Middle attack, the message sent to a recipient is intercepted by a third party, which manipulates the packets and resends its own message.
Denial of Service (DoS) attack
A DoS attack is when an attacker floods a system with more packets than its resources can handle. This causes the system to overload and shut down. The source address is spoofed, making it difficult to trace where the attacks are coming from.

Types of Spoofing: IP Spoofing - Solutions
IP spoofing can be prevented by monitoring packets using network monitoring software. A filtering router could also be installed. On the router, an ACL (access control list) is needed to block private addresses on your downstream interface. On the upstream interface, source addresses originating outside of the valid IP range are blocked from sending spoofed information.
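The filtering decision described on this slide can be written as a small function. This is an added example, not part of the original presentation; the valid range 203.0.113.0/24, the reading of "downstream" and "upstream", and the extra check for the site's own range arriving from outside are assumptions made for illustration.

```python
import ipaddress

# Assumption: the site's valid range is 203.0.113.0/24 (a documentation prefix).
VALID_RANGE = ipaddress.ip_network("203.0.113.0/24")

# Sources that should never arrive from the Internet side.
PRIVATE_OR_RESERVED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private ranges
    "127.0.0.0/8",                                    # loopback
    "169.254.0.0/16",                                 # link-local
)]

def check_source(interface, src):
    """Return (allowed, reason) for a packet's source address.

    Assumed meaning of the slide's terms: 'downstream' carries traffic arriving
    from the Internet, 'upstream' carries traffic leaving toward the Internet.
    """
    addr = ipaddress.ip_address(src)
    if interface == "downstream":
        for net in PRIVATE_OR_RESERVED:
            if addr in net:
                return False, f"private/reserved source {net}"
        if addr in VALID_RANGE:
            return False, "our own range arriving from outside"
        return True, "ok"
    if interface == "upstream":
        if addr not in VALID_RANGE:
            return False, "source outside valid range"
        return True, "ok"
    raise ValueError(f"unknown interface {interface!r}")

# Constructed sample packets: (interface, source address).
SAMPLES = [
    ("downstream", "198.51.100.7"),   # ordinary Internet host
    ("downstream", "192.168.1.93"),   # private source arriving from outside
    ("downstream", "203.0.113.10"),   # claims to be one of our own hosts
    ("upstream", "203.0.113.25"),     # legitimate internal host
    ("upstream", "192.0.2.200"),      # internal host forging its source
]

if __name__ == "__main__":
    for iface, src in SAMPLES:
        allowed, reason = check_source(iface, src)
        print(f"{iface:10} {src:15} {'PERMIT' if allowed else 'DENY':6} {reason}")
```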

Types of Spoofing: URL Spoofing
URL spoofing occurs when one website appears as if it is another. The URL that is displayed is not the real URL of the site, therefore the information is sent to a hidden web address.

Types of Spoofing: URL Spoofing - Attacks
Intrusion
URL spoofing is sometimes used to direct a user to a fraudulent site. Because the site has the same look and feel as the original site, the user attempts to log in with a username and password. The hacker collects the username and password, then displays a password error and directs the user to the legitimate site. Using this technique, the hacker could create a series of fake websites and steal a user's private information without the user's knowledge.

Types of Spoofing: URL Spoofing - Solutions
Security patches are released by web browsers which add the feature of revealing the "true" URL of a site in the web browser. It is important to check if your internet browser is vulnerable and to perform the necessary updates.

Types of Spoofing: Email Spoofing
Email spoofing is the act of altering the header of an email so that the email appears to be sent from someone else.

Types of Spoofing: Email Spoofing – Attacks
Cause confusion or discredit a person
Social engineering (phishing)
Hide the identity of the sender (spamming)

Types of Spoofing: Email Spoofing – Solutions
Check the content of the email:
Is the content weird in some way, or really unexpected from the sender?
Does it contain a form?
Does it request to either confirm or update login or any kind of information?
Check the header of the email.
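"Check the header of the email" can be made concrete by comparing the visible From address with the other sender-related headers. This is an added example, not part of the original presentation; the two messages are constructed samples using example.* domains, and the findings are prompts for a closer look, not a verdict.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def header_findings(raw_message):
    """List header inconsistencies worth a closer look (not a verdict)."""
    msg = message_from_string(raw_message)
    findings = []
    from_domain = domain_of(msg["From"])
    # The visible From can be set freely by the sender; compare it with the
    # envelope sender (Return-Path) and with where replies go (Reply-To).
    for name in ("Return-Path", "Reply-To"):
        other = domain_of(msg[name])
        if other and other != from_domain:
            findings.append(f"{name} domain {other} != From domain {from_domain}")
    # Authentication-Results is stamped by the receiving mail server; only
    # trust the copy added by your own server.
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                              msg.get("Authentication-Results", "")))
    for check in ("spf", "dkim", "dmarc"):
        if results.get(check) != "pass":
            findings.append(f"{check}={results.get(check, 'missing')}")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = (
    "Return-Path: <bounce@mailer.example.net>\n"
    "Authentication-Results: mx.example.org; spf=pass "
    "smtp.mailfrom=mailer.example.net; dkim=none; "
    "dmarc=fail header.from=example.com\n"
    'From: "IT Support" <support@example.com>\n'
    "Reply-To: helpdesk@example.net\n"
    "Subject: Confirm your login\n\nPlease update your password.\n"
)
GENUINE = (
    "Return-Path: <support@example.com>\n"
    "Authentication-Results: mx.example.org; spf=pass "
    "smtp.mailfrom=example.com; dkim=pass header.d=example.com; "
    "dmarc=pass header.from=example.com\n"
    'From: "IT Support" <support@example.com>\n'
    "Subject: Maintenance window\n\nScheduled for Friday.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, header_findings(raw))
```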

Spoofing – Example [Man-in-the-middle]
This is the simple scenario, and I try to draw it in a picture.
Victim --- Attacker --- Router
Victim IP address: 192.168.1.90
Attacker network interface: eth0, with IP address 192.168.1.93
Router IP address: 192.168.1.1
Requirements: Kali Linux, Arpspoof, Driftnet, Urlsnarf

Spoofing – Example
Steps:
1. Open the terminal in Kali Linux.
2. Enable IP forwarding on your machine.
   # echo 1 > /proc/sys/net/ipv4/ip_forward
3. Set up arpspoof between the victim and the router.
   # arpspoof -i eth0 -t 192.168.1.90 192.168.1.1
4. Then set up arpspoof to capture all packets from the router to the victim.
   # arpspoof -i eth0 -t 192.168.1.1 192.168.1.90
After steps three and four, all packets sent or received by the victim should be going through the attacker machine.
Now we can try to use driftnet to monitor all victim image traffic. According to its website, Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.

Spoofing - Example
Steps:
Run driftnet.
   # driftnet -i eth0
When the victim browses a website with images, driftnet will capture all image traffic. To stop driftnet, just close the driftnet window or press CTRL + C in the terminal.
For the next step we will try to capture the website information/data by using urlsnarf. To use urlsnarf, just run this command:
   # urlsnarf -i eth0
urlsnarf will start capturing all website addresses visited by the victim machine. When the victim browses a website, the attacker will know the address the victim visited.
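From the defender's side, the ARP poisoning in this example shows up as one MAC address suddenly answering for both the router's and the victim's IP address. The following is an added example, not part of the original presentation; the MAC addresses and the observation list are constructed, and the (time, ip, mac) tuples are assumed to come from ARP replies captured on the host or on a mirror port.

```python
from collections import defaultdict

def detect_arp_conflicts(observations):
    """Flag ARP replies that contradict the first MAC seen for an IP.

    observations: iterable of (time, ip, mac) taken from ARP replies.
    Returns (time, ip, baseline_mac, seen_mac, ips_claimed_by_seen_mac) tuples.
    """
    baseline = {}               # ip -> first MAC seen, treated as trusted
    claimed = defaultdict(set)  # mac -> every IP it has answered for
    alerts = []
    for ts, ip, mac in observations:
        mac = mac.lower()
        claimed[mac].add(ip)
        # A baseline learned while poisoning is already under way is wrong;
        # seeding it with the known gateway MAC avoids that.
        known = baseline.setdefault(ip, mac)
        if known != mac:
            alerts.append((ts, ip, known, mac, sorted(claimed[mac])))
    return alerts

# Constructed MAC addresses for the three hosts in the slide's scenario.
ROUTER_MAC = "02:00:00:00:00:01"   # 192.168.1.1
VICTIM_MAC = "02:00:00:00:00:90"   # 192.168.1.90
THIRD_MAC = "02:00:00:00:00:93"    # 192.168.1.93

# Constructed observations: normal replies first, then poisoned ones.
OBSERVED = [
    (0, "192.168.1.1", ROUTER_MAC),
    (1, "192.168.1.90", VICTIM_MAC),
    (2, "192.168.1.93", THIRD_MAC),
    (10, "192.168.1.1", THIRD_MAC),    # router's IP answered by another MAC
    (11, "192.168.1.90", THIRD_MAC),   # victim's IP answered by the same MAC
    (12, "192.168.1.1", ROUTER_MAC),   # genuine router reply, matches baseline
]

if __name__ == "__main__":
    for ts, ip, known, seen, ips in detect_arp_conflicts(OBSERVED):
        print(f"t={ts}: {ip} was {known}, now {seen}; {seen} claims {ips}")
```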

URL Spoofing [Site Cloning] - Example
http://tech-solutions.org/2017/06/19/%e0%a6%ab%e0%a6%bf%e0%a6%b6%e0%a6%bf%e0%a6%82-phishing/

DoS Attack - Example
In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.
DoS using hping3 with random source IP:
   root@kali:~# hping3 -c 10000 -d 120 -S -w 64 -p 21 --flood --rand-source 192.168.1.80

DoS Attack - Example
Let me explain the syntax used in this command:
hping3 = Name of the application binary.
-c 10000 = Number of packets to send.
-d 120 = Size of each packet that was sent to target machine.
-S = I am sending SYN packets only.
-w 64 = TCP window size.
-p 21 = Destination port (21 being FTP port). You can use any port here.
--flood = Sending packets as fast as possible, without taking care to show incoming replies. Flood mode.
--rand-source = Using random source IP addresses. You can also use -a or --spoof to hide hostnames. See the man page.
192.168.1.80 = Destination IP address.

DoS Attack - Example
So how do you know it's working? In hping3 flood mode, we don't check replies received (actually you can't, because in this command we've used the --rand-source flag, which means the source IP address is not yours anymore). It took me just 5 minutes to make this machine completely unresponsive (that's the definition of DoS: Denial of Service). In short, if this machine was a web server, it wouldn't be able to respond to any new connections, and even if it could, it would be really, really slow.
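On the receiving side, a SYN flood with spoofed sources looks like a burst of SYNs to one port from many different addresses, with almost no handshakes completed. The following is an added example, not part of the original presentation; the event format, the thresholds and the traffic are constructed for illustration.

```python
from collections import defaultdict

def find_syn_floods(events, window=1.0, min_syns=100, max_ack_ratio=0.1):
    """events: iterable of (time, src_ip, dst_ip, dst_port, flag), where flag
    is 'S' for a SYN and 'A' for the ACK that completes a handshake.
    Returns one dict per (window, destination, port) that looks like a flood."""
    buckets = defaultdict(lambda: {"syn": 0, "ack": 0, "sources": set()})
    for ts, src, dst, port, flag in events:
        bucket = buckets[(int(ts // window), dst, port)]
        if flag == "S":
            bucket["syn"] += 1
            bucket["sources"].add(src)
        elif flag == "A":
            bucket["ack"] += 1
    alerts = []
    for (slot, dst, port), b in sorted(buckets.items()):
        # Many SYNs, almost none completed: spoofed sources never answer
        # the server's SYN-ACK, so the handshakes stay half-open.
        if b["syn"] >= min_syns and b["ack"] <= b["syn"] * max_ack_ratio:
            alerts.append({"start": slot * window, "dst": dst, "port": port,
                           "syns": b["syn"], "acks": b["ack"],
                           "sources": len(b["sources"])})
    return alerts

def constructed_events():
    """Constructed traffic: 20 normal handshakes plus 500 unanswered SYNs."""
    events = []
    for i in range(20):       # ordinary clients of a service on port 80
        src = f"192.168.1.{100 + i}"
        events.append((5.0 + i * 0.01, src, "192.168.1.80", 80, "S"))
        events.append((5.0 + i * 0.01 + 0.002, src, "192.168.1.80", 80, "A"))
    for i in range(500):      # SYNs to port 21 from ever-changing sources
        src = f"10.{i // 250}.{i % 250}.1"
        events.append((5.0 + i * 0.001, src, "192.168.1.80", 21, "S"))
    return events

if __name__ == "__main__":
    for alert in find_syn_floods(constructed_events()):
        print(alert)
```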

Thank You