IP Spoofing
Bao Ho, ToanTai Vu
CS 265 - Security Engineering, Spring 2003
San Jose State University


Presentation Outline
- Introduction, Background
- Attacks with IP Spoofing
- Counter Measures
- Summary

IP Spoofing
- IP Spoofing is a technique used to gain unauthorized access to computers.
  - IP: Internet Protocol
  - Spoofing: using somebody else's information
- Exploits trust relationships
- The intruder sends messages to a computer with the IP address of a trusted host.

IP / TCP
- IP is connectionless, unreliable
- TCP is connection-oriented

TCP/IP handshake
A -> B: SYN; my number is X
B -> A: ACK; now X+1
        SYN; my number is Y
A -> B: ACK; now Y+1

A blind Attack
Host I cannot see what Host V sends back.

IP Spoofing Steps
- Select a target host (the victim).
- Identify a host that the target "trusts".
- Disable the trusted host and sample the target's TCP sequence numbers.
- The trusted host is impersonated and the ISN forged.
- A connection is attempted to a service that only requires address-based authentication.
- If the connection succeeds, a simple command is executed to leave a backdoor.

IP Spoofing Attacks
- Man in the middle
- Routing
- Flooding / Smurfing

Attacks
- Man-in-the-middle: the attacker sniffs packets on the link between the two endpoints, and can therefore pretend to be one end of the connection.

Attacks
- Routing re-direct: redirects routing information from the original host to the attacker's host.
- Source routing: the attacker redirects individual packets through the attacker's host.

Attacks
- Flooding: a SYN flood from random source addresses fills up the receive queue.
- Smurfing: an ICMP packet is spoofed to originate from the victim and destined for the broadcast address, causing all hosts on the network to respond to the victim at once.

IP-Spoofing Facts
- IP protocol is inherently weak
- Makes no assumption about sender/recipient
- Nodes on path do not check sender's identity
- There is no way to completely eliminate IP spoofing
- Can only reduce the possibility of attack

IP-Spoofing Counter-measures
- No insecure authenticated services
- Disable commands like ping
- Use encryption
- Strengthen TCP/IP protocol
- Firewall
- IP traceback

No insecure authenticated services
- r* services are hostname-based or IP-based
- Use more secure alternatives, e.g., ssh
- Remove binary files
- Disable in inetd, xinetd
- Clean up .rhosts files and /etc/hosts.equiv
- No application with hostname/IP-based authentication, if possible
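The clean-up step for the trust files can be checked with a small audit script; this is an added example, not part of the original slides. It assumes the usual "host [user]" line layout of these files and runs over a constructed directory tree; the function names are hypothetical.

```python
import tempfile
from pathlib import Path

def audit_trust_file(text):
    """Return (severity, line_no, entry) for each entry that grants trust in a
    hosts.equiv / .rhosts style file ("host [user]" per line)."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # assumption: '#' starts a comment
        if not line:
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else ""
        if host.startswith("-"):
            continue                          # deny entry, grants nothing
        # A bare '+' trusts every host (or every user); anything else is
        # still address-based trust and needs a human decision.
        severity = "critical" if "+" in (host, user) else "review"
        findings.append((severity, no, line))
    return findings

def audit_tree(root):
    """Check <root>/etc/hosts.equiv and every .rhosts file below <root>."""
    root = Path(root)
    report = {}
    for path in [root / "etc" / "hosts.equiv", *sorted(root.rglob(".rhosts"))]:
        if path.is_file():
            hits = audit_trust_file(path.read_text(errors="replace"))
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report

def demo():
    """Run the audit over a constructed directory tree (not a real host)."""
    with tempfile.TemporaryDirectory() as d:
        etc, home = Path(d, "etc"), Path(d, "home", "alice")
        etc.mkdir()
        home.mkdir(parents=True)
        (etc / "hosts.equiv").write_text("# build hosts\nbuild01.example.test\n+ +\n")
        (home / ".rhosts").write_text("-oldhost.example.test\nbuild01.example.test alice\n")
        return audit_tree(d)

if __name__ == "__main__":
    for path, hits in demo().items():
        for severity, no, entry in hits:
            print(f"{severity:8} {path}:{no}: {entry}")
```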

Disable ping command
- The ping command is rarely used
- Can be used to trigger a DoS attack by flooding the victim with ICMP packets
- This attack does not crash the victim, but consumes network bandwidth and system resources
- The victim fails to provide other services, and halts if it runs out of memory

DoS using Ping

Use Encryption
- Encrypt traffic, especially TCP/IP packets and Initial Sequence Numbers
- Kerberos is free and is built into the OS
- Limit session time
- Digital signatures can be used to identify the sender of a TCP/IP packet.

Strengthen TCP/IP protocol
- Use good random number generators to generate ISNs
- Shorten the time-out value in TCP/IP requests
- Increase the request queue size
- Cannot completely prevent TCP/IP half-open-connection attacks
- Can only buy more time, in the hope that the attack will be noticed.
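To make the first point concrete, the added example below (not from the original slides) puts a fixed-increment ISN counter next to a keyed-hash generator of the kind described in RFC 6528, with a self-test that reports whether consecutive ISNs differ by a constant. The class names, counter values, sample addresses and the choice of HMAC-SHA-256 are assumptions of this example.

```python
import hashlib
import hmac
import os
import time

MOD = 2 ** 32  # TCP sequence numbers are 32-bit

class CounterISN:
    """Weak design: one global counter advanced by a fixed step per connection.
    The start and step values are constructed for this example."""
    def __init__(self, start=1000, step=64000):
        self.value, self.step = start, step

    def next(self, four_tuple):
        self.value = (self.value + self.step) % MOD
        return self.value

class KeyedISN:
    """ISN = timer + F(four-tuple, secret), the scheme described in RFC 6528.
    HMAC-SHA-256 as F is this example's choice."""
    def __init__(self, secret=None, clock=time.monotonic):
        self.secret = secret or os.urandom(32)
        self.clock = clock

    def next(self, four_tuple):
        mac = hmac.new(self.secret, repr(four_tuple).encode(), hashlib.sha256)
        offset = int.from_bytes(mac.digest()[:4], "big")
        ticks = int(self.clock() * 250_000)      # 4-microsecond timer
        return (ticks + offset) % MOD

def constant_delta(gen, probes=8):
    """Self-test: open `probes` connections from different client ports and
    report whether consecutive ISNs differ by one fixed amount, which would
    let anyone who saw one ISN compute the next."""
    isns = [gen.next(("192.0.2.10", 40000 + i, "192.0.2.20", 514))
            for i in range(probes)]
    deltas = {(b - a) % MOD for a, b in zip(isns, isns[1:])}
    return len(deltas) == 1

if __name__ == "__main__":
    print("counter generator predictable:", constant_delta(CounterISN()))
    print("keyed generator predictable:  ", constant_delta(KeyedISN()))
```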

Firewall
- Limit traffic to services that are offered
- Control access from within the network
- Free software: ipchains, iptables
- Commercial firewall software
- Packet filters: router with firewall built-in
- Multiple layers of firewalls
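The filtering decision a border packet filter makes against spoofed sources, and against the broadcast-addressed packets used in smurfing, can be written out as follows. This is an added example, not from the original slides; the site prefix, the /24 subnet size, the reserved-range list and the sample packets are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed addressing for this example: the site owns 10.20.0.0/16, split
# into /24 subnets. Adjust both to the real network.
SITE = ipaddress.ip_network("10.20.0.0/16")
SUBNET_PREFIX = 24
# Sources that must never arrive from the Internet side.
RESERVED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

def is_directed_broadcast(dst):
    """True if dst is the broadcast address of one of the site's subnets."""
    if dst not in SITE:
        return False
    subnet = ipaddress.ip_network(f"{dst}/{SUBNET_PREFIX}", strict=False)
    return dst == subnet.broadcast_address

def verdict(iface, src, dst):
    """Decide what a border filter should do with a packet seen on
    iface ('outside' or 'inside'). Returns (action, reason)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if iface == "outside":
        if src in SITE:
            return ("drop", "internal source arriving from outside")
        if any(src in net for net in RESERVED):
            return ("drop", "reserved or private source")
        if is_directed_broadcast(dst):
            return ("drop", "directed broadcast (smurf amplification)")
    elif src not in SITE:
        return ("drop", "outbound packet with a source we do not own")
    return ("accept", "")

# Constructed sample packets: (interface, source, destination).
SAMPLES = [
    ("outside", "10.20.5.9", "10.20.1.1"),
    ("outside", "192.168.1.5", "10.20.1.1"),
    ("outside", "198.51.100.7", "10.20.3.255"),
    ("outside", "198.51.100.7", "10.20.3.80"),
    ("inside", "10.20.3.80", "198.51.100.7"),
    ("inside", "203.0.113.9", "198.51.100.7"),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", verdict(*pkt))
```

The outbound check is what keeps hosts inside the site from sending spoofed packets to others; the inbound checks protect the site itself.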

Network layout with Firewall

IP Trace-back
- To trace back as close to the attacker's location as possible
- Limited in reliability and efficiency
- Requires cooperation of many other network operators along the routing path
- Generally does not receive much attention from network operators

Summary/Conclusion
- IP spoofing attacks are unavoidable.
- Understanding how and why spoofing attacks are used, combined with a few simple prevention methods, can help protect your network from these malicious cloaking and cracking techniques.


Questions / Answers