Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.



IP Spoofing

What is IP Spoofing?
A technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.

Base for IP spoofing
The concept of IP spoofing was discovered as a security weakness in the IP protocol, which carries the source IP address, and the TCP protocol, which contains port and sequencing information.

IP protocol

IP routing is hop by hop. Every IP packet is routed separately. The route of an IP packet is decided by all the routers the packet goes through. IP address spoofing is possible because routers only need to inspect the destination IP address in the packet to make routing decisions. The source IP address is not required by routers, and an invalid source IP address will not affect the delivery of packets. That address is only used by the destination machine when it responds back to the source.

TCP Connection Establishment

Types of Spoofing attacks

1. Non-Blind Spoofing
Takes place when the attacker is on the same subnet as the victim. This allows the attacker to sniff packets, making the next sequence number available to him.

Types of Spoofing attacks (contd.)

The first stage of this attack is to prevent the Victim from sending RST packets to the Target host once the attack begins. This can be done by flooding the Victim with SYN messages. The Attacker initiates the handshake with the Target using the spoofed IP address. The Target responds to the Victim with a SYN + ACK message, which the Attacker sniffs to find out which sequence number is expected next for the ACK message, and then sends that ACK.

Types of Spoofing attacks – contd.

2. Blind Spoofing
Usually the attacker does not have access to the reply. E.g. Host C sends an IP datagram with the address of some other host (Host A) as the source address to Host B. The attacked host (B) replies to the legitimate host (A). The sequence and acknowledgement numbers from the victim are unreachable. In order to circumvent this, several packets are sent to the victim machine in order to sample sequence numbers.

Types of Spoofing attacks – contd.

The attacker connects to a TCP port on the victim prior to starting an attack to complete the three-way handshake, making sure that the initial sequence number (ISN) is recorded. This is repeated several times to determine the Round Trip Time (RTT), and the final ISN is retained. The RTT is necessary to predict the next ISN. A spoofed ACK message is sent from the attacker to the server:
► If the NSN is less than what is expected by the actual server, it considers it a resent message and ignores it.
► If the NSN is correctly guessed, the target server responds back.
► If the NSN is greater than the expected NSN but is within the window of packets expected by the server, the server waits until all the packets prior to that are received.
► If the NSN is greater than the expected NSN and is beyond the window of expected packets, the server just discards the packet.
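The four cases above, written as the receiver-side decision with 32-bit wraparound, plus an audit check of whether a server's own ISNs are regular enough to extrapolate. This is an added example, not part of the original slides; the function names, outcome labels and sample ISN values are constructed for illustration, and the outcomes follow the slide's wording.

```python
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def classify(seq, rcv_nxt, rcv_wnd):
    """Outcome for an arriving sequence number, following the slide's four cases.

    rcv_nxt is the value the server expects next, rcv_wnd its receive window.
    """
    offset = (seq - rcv_nxt) % MOD      # forward distance, modulo 2^32
    if offset == 0:
        return "accepted"               # correct guess: the server responds
    if offset < rcv_wnd:
        return "held"                   # ahead but in window: waits for the gap
    if offset >= MOD // 2:
        return "ignored"                # behind: treated as a resent message
    return "discarded"                  # ahead and beyond the window


def window_fraction(rcv_wnd):
    """Share of the sequence space a uniformly random value would hit."""
    return rcv_wnd / MOD


def isn_steps(isns):
    """Forward distance between consecutive ISNs, modulo 2^32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def steps_within_window(isns, rcv_wnd):
    """Audit check for your own server: True when successive ISN steps differ
    by less than one window, i.e. the generator is regular enough to extrapolate."""
    steps = isn_steps(isns)
    if len(steps) < 2:
        return False                    # not enough samples to judge
    return all(abs(b - a) < rcv_wnd for a, b in zip(steps, steps[1:]))


# Constructed samples: a counter-style generator and a randomized one.
COUNTER_ISNS = [100, 64100, 128100, 192100]
RANDOM_ISNS = [10, 3_000_000_000, 500, 2_111_222_333]

if __name__ == "__main__":
    for seq in (999, 1000, 1500, 70000):
        print(seq, classify(seq, rcv_nxt=1000, rcv_wnd=65535))
    print(steps_within_window(COUNTER_ISNS, 65535), steps_within_window(RANDOM_ISNS, 65535))
```

A generator whose steps stay within one window is the condition the sampling step relies on; with randomized ISNs a single value has only a `window_fraction` chance of being accepted or held.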

Types of Spoofing attacks – contd.

3. ICMP redirect
The attacker sends a spoofed ICMP redirect message that appears to come from the host's default gateway.
E.g. Host sends a forged ICMP packet to host , saying the route through is a better way to internet.
The source IP address of this forged ICMP packet is the gateway's IP address.
Then all the traffic from to internet will go through

[Figure labels: Forged packet, Internet]

Services Vulnerable to IP Spoofing

1. RPC (Remote Procedure Call services)
RPC multiplexes many services on top of one framework. Portmapper directs clients to the service that they want. Some of these services include NIS, NFS, and Exchange mail. Portmapper is usually secure, but the services below it often are not.
2. Any service that uses IP address authentication
3. X Window system
You can run programs on other people's displays, snoop their keystrokes and mouse movements, lock their screens etc.
4. R services suite (rlogin, rsh, etc.)
To prevent these sorts of attacks, users should have uncrackable passwords, and all shell access should be strongly authenticated and encrypted.

How to prevent Spoofing Attacks

1. Avoid using source address authentication. Implement cryptographic authentication system wide.
2. Disable all the r* commands, remove all .rhosts files and empty out the /etc/hosts.equiv file. This will force all users to use other means of remote access.
3. Configure your network to reject packets from the net that claim to originate from a local address. This is most commonly done with a router.
4. If you allow outside connections from trusted hosts, enable encryption sessions at the router.
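Rule 3 as a border-filter decision over raw IPv4 headers, in an added example that is not part of the original slides. The interface labels, the local prefix 192.0.2.0/24 and the sample headers are constructed; the check on the internal side (dropping outbound packets whose source is not local) goes beyond the slide and is included as the matching egress rule.

```python
import ipaddress
import struct

# Assumption for this example: the site's local prefix (documentation range).
INTERNAL = [ipaddress.ip_network("192.0.2.0/24")]


def ipv4_header(src, dst):
    """Build a minimal 20-byte IPv4 header for the constructed samples below.
    The checksum is left at 0 because the filter does not validate it."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)


def src_dst(header):
    """Extract source and destination addresses from a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    src, dst = struct.unpack("!4s4s", header[12:20])
    return ipaddress.ip_address(src), ipaddress.ip_address(dst)


def verdict(iface, header):
    """Return 'drop' or 'accept' for a packet seen on 'external' or 'internal'."""
    src, _ = src_dst(header)
    local = any(src in net for net in INTERNAL)
    if iface == "external" and (local or src.is_loopback):
        return "drop"    # packet from the net claiming a local source (rule 3)
    if iface == "internal" and not local:
        return "drop"    # egress side: a non-local source must not leave the site
    return "accept"


# Constructed traffic: (interface, source, destination)
SAMPLES = [
    ("external", "192.0.2.10", "192.0.2.20"),    # spoofed local source from outside
    ("external", "198.51.100.7", "192.0.2.20"),  # ordinary inbound packet
    ("internal", "192.0.2.10", "198.51.100.7"),  # ordinary outbound packet
    ("internal", "203.0.113.5", "198.51.100.7"), # outbound with a foreign source
]

if __name__ == "__main__":
    for iface, src, dst in SAMPLES:
        print(iface, src, "->", dst, verdict(iface, ipv4_header(src, dst)))
```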

TCP and IP spoofing Tools

1. Mendax for Linux is an easy-to-use tool for TCP sequence number prediction and rshd spoofing.
2. spoofit.h is a nicely commented library for including IP spoofing functionality into your programs.
3. Ipspoof is a TCP and IP spoofing utility.
4. Hunt is a sniffer which also offers many spoofing functions.
5. Dsniff is a collection of tools for network auditing and interception of network traffic.

Resources /secondpage.html

Thank you Any Questions?