Seminar Presentation: IP Spoofing Attack, detection and effective method of prevention. Md. Sajan Sana Ansari, Id: 201206680. 9/8/2015


Outline
- Introduction to IP spoofing
- IP spoofing attack
- Detection strategies
- Prevention method
- Comparison
- Summary
- Conclusion

IP Spoofing
- IP spoofing simply refers to an attacker creating a forged (fake) IP address with the intention of concealing the identity of the sender.
- The attacker selects a trusted IP address so that the access control list in the firewall cannot recognize it.
- According to a study [2], at least four thousand such attacks occur every week on the Internet.

Process of IP spoofing attack (TCP three-way handshake)
- SYN (SeqNo=X)
- SYN-ACK (SeqNo=Y, ACK=X+1)
- ACK (SeqNo=X+1, ACK=Y+1)

Process of IP spoofing attack
1) An attacker first creates a forged IP address using tools like hping, and then attacks and controls the victim node.
2) It sends a SYN connection request to the server, disguised as (concealed behind) the IP address of the victim node.
3) The server receives the request and sends a SYN-ACK to the victim node, but the victim node cannot actually receive the message.
4) Once the hacker gets the SeqNo (sequence number), it can send an ACK to the server again.
5) The connection is established between the hacker and the server.
6) The attack is now running.

Detection Method by Trace Route model [1]
[Figure: Trace route model [1]]

Prevention strategies (Trace Route Method) [1]
[Figure: Flow chart of prevention system]

Prevention Method using Trace Route model [1]
(1) IP Authentication Module
- This module is used to judge whether the source host is a trusted node. The IP authentication information includes the node name, the node IP address, and the hop count from the node itself to the target node. Only when the user passes IP authentication is it considered a trusted node; otherwise the user is considered a node from an outside site.
(2) Trace Route Module
- This module performs a trace route from the detection node to the source node. If the source host is a trusted node, the trace route result is "host reachable"; otherwise, when an IP spoofing attack occurs, the result is "host unreachable". At the same time, the rule base and log base are updated dynamically. The trace route result is sent to the implementation module.

Prevention strategies (Packet Funneling method) [2]
1. When a packet from a new user is received, the user is entered in the AIP (active IP) table, its timeout value is set, and the packet is forwarded to its destination.
2. The size of the AIP table is a parameter set by the administrator according to the average number of expected users.
3. The Waiting Matrix stores the arriving packets of each delayed user until one of the active users times out and is thus removed from the AIP table.
4. When the memory is entirely consumed, packets are dropped instead of delayed.
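The four packet funneling steps above, modelled as an added example (not code from the presentation or from [2]). The class and parameter names are hypothetical, `waiting_capacity` stands in for "memory", and an AIP entry is assumed not to be refreshed by later packets from the same user.

```python
from collections import deque

class PacketFunnel:
    """Toy model of the AIP table and Waiting Matrix (terms from the slide)."""

    def __init__(self, aip_size, timeout, waiting_capacity):
        self.aip_size = aip_size                  # administrator-set table size
        self.timeout = timeout                    # lifetime of an AIP entry
        self.waiting_capacity = waiting_capacity  # assumption: stands in for memory
        self.aip = {}                             # source -> expiry time
        self.waiting = deque()                    # delayed (source, packet) pairs

    def _expire_and_promote(self, now):
        """Remove timed-out users, then admit waiting users into free slots."""
        for src in [s for s, expiry in self.aip.items() if expiry <= now]:
            del self.aip[src]
        released = []
        while self.waiting and len(self.aip) < self.aip_size:
            src = self.waiting[0][0]
            self.aip[src] = now + self.timeout
            released += [p for p in self.waiting if p[0] == src]
            self.waiting = deque(p for p in self.waiting if p[0] != src)
        return released

    def receive(self, src, packet, now):
        """Return (verdict, released): the verdict for this packet plus any
        previously delayed packets that can now be forwarded."""
        released = self._expire_and_promote(now)
        if src in self.aip:
            verdict = "forward"
        elif len(self.aip) < self.aip_size:
            self.aip[src] = now + self.timeout    # step 1: new active user
            verdict = "forward"
        elif len(self.waiting) < self.waiting_capacity:
            self.waiting.append((src, packet))    # step 3: delay
            verdict = "delay"
        else:
            verdict = "drop"                      # step 4: memory consumed
        return verdict, released

def demo():
    """Constructed traffic: five sources (A-E) against a 2-entry AIP table."""
    funnel = PacketFunnel(aip_size=2, timeout=10, waiting_capacity=2)
    events = [("A", "a1", 0), ("B", "b1", 1), ("A", "a2", 2), ("C", "c1", 3),
              ("D", "d1", 4), ("E", "e1", 5), ("B", "b2", 10), ("D", "d2", 12)]
    return [funnel.receive(src, pkt, t) for src, pkt, t in events]
```

In the constructed run, source E is dropped because the waiting store is full, while C and D are released only after A and B time out.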

Some other Common Prevention strategies [3]
To prevent IP spoofing from happening in a network, the following are some common practices:
1. Hop-Count Filtering
- Hop-count filtering [3] is a victim-based solution relying on the hop-count method.
- The number of hops between source and destination is indicated by the TTL field in an IP packet.
- Linking the source IP with the statistical number of hops to reach the destination can be used to assess the authenticity of the claimed IP source.

Some other Common Prevention strategies [3]
2. Router-Based Solution
- The routers are modified to provide:
  - encryption,
  - digital signatures, and
  - authentication.
- This enables tracing a packet back to its origin and thus stopping further traffic at the closest intelligent router point.

Some other Common Prevention strategies [3]
3. Traffic Level Measurements
- The module relies on a buffer through which all incoming traffic enters.
- The traffic level is continuously monitored, and when it shoots to high levels, most incoming packets will be dropped.
- The module thus attempts to isolate the server from the attack.
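The hop-count filtering check from strategy 1 above, as an added example (not code from the presentation or from [3]). It assumes senders start from one of a few common initial TTL values, so the hop count can be inferred from the observed TTL; the class name, tolerance and sample packets are hypothetical or constructed.

```python
from collections import Counter, defaultdict

# Assumption: packets leave the sender with one of these initial TTL values.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)

def hop_count(observed_ttl):
    """Infer hops travelled: smallest common initial TTL >= observed, minus observed."""
    for initial in COMMON_INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial - observed_ttl
    raise ValueError("TTL must be in the range 0-255")

class HopCountFilter:
    """Links each source IP to the hop count usually seen for it."""

    def __init__(self, tolerance=1, min_samples=3):
        self.tolerance = tolerance      # allowed deviation (route changes)
        self.min_samples = min_samples  # packets needed before judging a source
        self.history = defaultdict(Counter)  # source IP -> hop count frequencies

    def learn(self, src_ip, ttl):
        """Record a packet from traffic believed legitimate,
        for example a completed TCP session."""
        self.history[src_ip][hop_count(ttl)] += 1

    def check(self, src_ip, ttl):
        """Return 'unknown', 'ok' or 'suspect' for one incoming packet."""
        seen = self.history.get(src_ip)
        if not seen or sum(seen.values()) < self.min_samples:
            return "unknown"            # no statistical baseline yet
        expected = seen.most_common(1)[0][0]
        if abs(hop_count(ttl) - expected) <= self.tolerance:
            return "ok"
        return "suspect"                # claimed source does not match its usual path length

def classify_sample():
    """Constructed packets; addresses come from the documentation ranges."""
    hcf = HopCountFilter()
    for ttl in (52, 52, 53):            # baseline: about 12 hops away
        hcf.learn("192.0.2.10", ttl)
    probes = [("192.0.2.10", 52),       # same path length
              ("192.0.2.10", 117),      # initial TTL 128, 11 hops: within tolerance
              ("192.0.2.10", 60),       # 4 hops: inconsistent with baseline
              ("198.51.100.7", 50)]     # source never seen before
    return [hcf.check(ip, ttl) for ip, ttl in probes]
```

The "unknown" verdict and the tolerance parameter show why the comparison that follows calls this method dependent on assumptions and probabilistic methods.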

Comparison
1. Packet funneling is a load-balancing solution that delays heavy traffic on the server. The IP pattern of a normal user will have repetitive occurrences. It is an easy approach for a small network group.
2. The hop-count process depends heavily on assumptions and probabilistic methods, rendering the method inaccurate.
3. Even though the "router-based solution" provides more secure and private communication between the routers involved, a tremendous amount of complexity is introduced.

Comparison
4. The traffic level countermeasure is not an effective way to prevent IP spoofing because it simply controls the peak traffic level, so legitimate requests may suffer when accessing the server.
5. The trace route method is an effective defense method in which the attacker is detected by tracing the route with the help of a trusted adjacent node in the network; if the source IP is unreachable, it drops the packet.

Comparison
Table (1): Comparison among different prevention strategies of IP spoofing attack

Summary
- We discussed what IP spoofing is and how an IP spoofing attack proceeds.
- We discussed how to detect an IP spoofing attack.
- We discussed different types of measures to prevent IP spoofing attacks, such as the Trace Route model, Packet Funneling, and some common prevention techniques.
- We compared these prevention techniques.

Conclusion
IP spoofing attacks on networks are a severe problem that deserves consideration, as many cases occur per day on the Internet. Hence, effective prevention strategies should be evaluated. Of the several prevention strategies studied, the Trace Route strategy is an effective way to control the attacker in the network.

References
[1] Yunji Ma, "An Effective Method for Defense against IP Spoofing Attack", Department of Network Engineering, University of Science and Technology LiaoNing, Anshan, China, 2010.
[2] N. Arumugam, C. Venkatesh, "A NOVEL SCHEME FOR DETECTING AND PREVENTING SPOOFED IP ACCESS ON NETWORK USING IP2HP FILTER", © Asian Research Publishing Network (ARPN), Dec 2011.
[3] Antonio Challita, Mona El Hassan, Sabine Maalouf, Adel Zouheiry, "A Survey of DDoS Defense Mechanisms", Department of Electrical and Computer Engineering, American University of Beirut.
[4] T. Baba and S. Matsuda, "Tracing network attacks to their sources," IEEE Internet Computing,
[5] I. B. Mopari, S. G. Pukale and M. L. Dhore, "Detection and defense against DDoS attack with IP spoofing," International Conference on Computing, Communication and Networking, 2008, pp. 1-5, Dec
[6] A. Bremler-Barr and H. Levy, "Spoofing prevention method," 24th Annual Joint Conference of the IEEE Computer and Communications Societies, March

Thanks
Accept my sincere thanks for listening. Any questions and suggestions!