
1 Presentation on IP Spoofing
By Prashant Singh, CS-73

2 Contents
- What is IP Spoofing?
- When Does IP Spoofing Occur?
- 3-Way Handshake in TCP/IP
- How Does Spoofing Take Place?
- Basic Concept of Spoofing
- Why IP Spoofing is so easy?
- Types of Spoofing Attack
- Stopping IP address Spoofing Attack
- Detection of IP Spoofing Attack
- How we prevent IP Spoofing?
- Our Misconception
- Software for IP Spoofing
- Software to Stop IP Spoofing
- References

3 What is IP Spoofing?
IP spoofing is a technique used to gain unauthorized access to computers, whereby the attacker sends messages to a computer with a forged IP address indicating that the message is coming from a trusted host. The attacker puts an internal, or trusted, IP address as its source. The access control device sees the IP address as trusted and lets it through.

4 What is IP Spoofing?

5 What is IP Spoofing?

6 When Does Spoofing Occur?
IP spoofing occurs when a hacker inside or outside a network impersonates the conversations of a trusted computer. Two general techniques of IP spoofing:
- A hacker uses an IP address that is within the range of trusted IP addresses.
- A hacker uses an authorized external IP address that is trusted.

7 3-Way Handshake in TCP/IP
The client selects and transmits an initial sequence number ISN_C, the server acknowledges it and sends its own sequence number ISN_S, and the client acknowledges it. The exchange may be shown schematically as follows:
C -> S: SYN(ISN_C)
S -> C: SYN(ISN_S), ACK(ISN_C)
C -> S: ACK(ISN_S)
C -> S: DATA or S -> C: DATA

8 How Does Spoofing Take Place?
Suppose there is a way for an intruder X to predict ISN_S. In this case, it could send the following sequence to impersonate trusted host T:
X -> S: SYN(ISN_X), SRC=T
S -> T: SYN(ISN_S), ACK(ISN_X)
X -> S: ACK(ISN_S), SRC=T
X -> S: ACK(ISN_S), SRC=T, nasty data

9 Basic Concept of IP Spoofing
[Figure: a normal packet and a spoofed packet, each with the fields Src_IP, dst_IP, Src_port (any, >1024) and dst_port (80); in the spoofed packet the Src_IP is spoofed.]

10 IP Spoofing Attacker- it is right at the upper corner

11 Why IP Spoofing is so easy?
The problem lies with the routers: routers look at destination addresses only. Authentication is based on source addresses only. Changing the source address field in the IP header is easy with software.

12 Types of Spoofing Attack
The types of IP spoofing attack are:
Non-Blinding Attack: This attack takes place when the victim and the attacker are on the same network. In this attack we have to make an assumption to find the sequence number passed from Target to Victim.

13 Non-Blinding Spoofing

14 Spoofing Attacks: Blind Spoofing
It is mainly used to abuse the trust relationship between hosts. Today, most OSs implement random sequence number generation, making it difficult to predict sequence numbers accurately. In this attack many packets are sent to the victim.
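
Why predicting ISN_S is the precondition for the exchange on slide 8, and what randomised generation changes, as an added example (not from the original presentation). The fixed-step counter, its step, the addresses and the secret are constructed for illustration; the keyed form follows the ISN = M + F(...) scheme of RFC 6528, with HMAC-SHA256 standing in for F.

```python
import hashlib
import hmac
import ipaddress
import struct

MOD = 2 ** 32
LEGACY_STEP = 64_000        # constructed per-connection increment, illustration only
TICKS_PER_SECOND = 250_000  # M in RFC 6528 ticks once every 4 microseconds


class CounterISN:
    """Predictable generator: one global counter, bumped by a fixed step per connection."""

    def __init__(self, start=0):
        self.counter = start % MOD

    def next_isn(self):
        self.counter = (self.counter + LEGACY_STEP) % MOD
        return self.counter


def observer_guess(observed_isn):
    """Next ISN an observer would predict after seeing one ISN from a fixed-step counter."""
    return (observed_isn + LEGACY_STEP) % MOD


def keyed_isn(secret, local_ip, local_port, remote_ip, remote_port, now_seconds):
    """ISN = M + F(connection 4-tuple, secret), with HMAC-SHA256 standing in for F."""
    m = int(now_seconds * TICKS_PER_SECOND) % MOD
    msg = (ipaddress.ip_address(local_ip).packed + struct.pack("!H", local_port)
           + ipaddress.ip_address(remote_ip).packed + struct.pack("!H", remote_port))
    f = int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:4], "big")
    return (m + f) % MOD


if __name__ == "__main__":
    server = CounterISN(start=1000)
    seen = server.next_isn()                       # ISN handed to X's own connection
    print("counter: guess correct?", observer_guess(seen) == server.next_isn())

    key = b"constructed-secret"                    # per-boot secret, constructed here
    isn_x = keyed_isn(key, "192.0.2.10", 513, "198.51.100.7", 1023, 100.0)
    isn_t = keyed_isn(key, "192.0.2.10", 513, "203.0.113.5", 1023, 100.0)
    # The offset between the two depends on the secret, which the observer does not have.
    print("keyed: offset between tuples =", (isn_t - isn_x) % MOD)
```

With the keyed generator the sequence space still advances monotonically for any one connection 4-tuple, but an ISN observed on one tuple says nothing about the ISN issued for another.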

15 Spoofing Attacks: Blinding Attack
[Figure: flooding attack. The sender sends IP-spoofed packets (dst: victim, src: random) to the victim, who reacts: "Oops, many packets are coming. But, who is the real source?"]

16 Spoofing Attacks: Man in the Middle Attack (Connection Hijacking)
In this attack the attacker controls the gateway that is in the delivery route, so he can:
- sniff the traffic
- intercept / block / delay traffic
- modify traffic

17 Spoofing Attacks:

18 Spoofing Attacks:

19 Spoofing Attacks: ICMP Echo attacks
Map the hosts of a network: The attacker sends ICMP echo datagrams to all the hosts in a subnet, then collects the replies and determines which hosts are alive.
Denial of service attack (SMURF attack): The attacker sends spoofed (with the victim's IP address) ICMP Echo Requests to subnets; the victim will get ICMP Echo Replies from every machine.

20 Smurf Attack

21 Spoofing Attacks: ICMP Redirect attacks
ICMP redirect messages can be used to re-route traffic on specific routes or to a specific host that is not a router at all. The ICMP redirect attack is very simple: just send a spoofed ICMP redirect message that appears to come from the host's default gateway.

22 ICMP Redirect attacks

23 ICMP Redirect attacks

24 ICMP destination unreachable attacks
The ICMP destination unreachable message is used by gateways to state that the datagram cannot be delivered. It can be used to “cut” out nodes from the network. It is a denial of service attack (DoS). Example: An attacker injects many forged destination unreachable messages stating that is unreachable) into a subnet (e.g *). If someone from the * net tries to contact , he will immediately get an ICMP Time Exceeded from the attacker's host. For * this means that there is no way to contact , and therefore communication fails.

25 ICMP destination unreachable attacks

26 Stopping IP address spoofing attack
Packet filtering: The router that connects a network to another network is known as a border router. One way to mitigate the threat of IP spoofing is by inspecting packets when they leave and enter a network, looking for invalid source IP addresses. If this type of filtering were performed on all border routers, IP address spoofing would be greatly reduced.
- Ingress Filtering
- Egress Filtering

27 Packet filtering
[Figure: routers RT.a and RT.b check the srcip of each packet against the prefixes behind them; packets with an invalid source are dropped ("You are spoofing!"), while one is let through ("Hmm, this looks ok...but..").]
We can check and drop the packets which have unused addresses everywhere, but used space can be checked before aggregation.

28 Detection of IP Spoofing
If you monitor packets using network-monitoring software such as netlog, look for a packet on your external interface that has both its source and destination IP addresses in your local domain. If you find one, you are currently under attack.
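
The border-router checks from the packet filtering slides and the detection rule above, combined in one added example (not from the original presentation). The local prefix 203.0.113.0/24, the interface names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Assumed addressing: the site's own prefix (documentation range) and RFC 1918 space.
LOCAL_NETS = [ipaddress.ip_network("203.0.113.0/24")]
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def in_any(addr, nets):
    return any(addr in net for net in nets)


def check_packet(interface, src, dst):
    """Classify a packet seen on the border router's 'external' or 'internal' interface."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if interface == "external":
        if in_any(s, LOCAL_NETS) and in_any(d, LOCAL_NETS):
            return "drop", "attack indicator: local source and destination on external interface"
        if in_any(s, LOCAL_NETS):
            return "drop", "ingress: outside packet claims a local source"
        if in_any(s, PRIVATE_NETS):
            return "drop", "ingress: private source address"
        return "pass", "ingress: source plausible"
    if interface == "internal":
        if not in_any(s, LOCAL_NETS):
            return "drop", "egress: source is not one of our addresses"
        return "pass", "egress: local source"
    raise ValueError(f"unknown interface: {interface}")


# Constructed sample traffic: (interface, source, destination)
SAMPLE_PACKETS = [
    ("external", "198.51.100.20", "203.0.113.5"),   # ordinary inbound
    ("external", "203.0.113.9", "203.0.113.5"),     # local src and dst from outside
    ("external", "192.168.1.4", "203.0.113.5"),     # private source from outside
    ("internal", "203.0.113.7", "198.51.100.20"),   # ordinary outbound
    ("internal", "198.51.100.99", "192.0.2.1"),     # forged source leaving the site
]


def audit(packets):
    """Return only the dropped packets, with the reason for each."""
    findings = []
    for interface, src, dst in packets:
        verdict, reason = check_packet(interface, src, dst)
        if verdict == "drop":
            findings.append((src, dst, reason))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PACKETS):
        print(finding)
```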

29 Detection of IP Spoofing
Another way to detect IP spoofing is to compare the process accounting logs between systems on your internal network. If the IP spoofing attack has succeeded on one of your systems, you may get a log entry on the victim machine showing a remote access; on the apparent source machine, there will be no corresponding entry for initiating that remote access.
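
The log comparison described above, as an added example (not from the original presentation). The record format, host names and the 30-second clock-skew tolerance are hypothetical and constructed for illustration; real process accounting output would need its own parser.

```python
from datetime import datetime, timedelta

# Constructed records in a simplified, hypothetical format:
# "<ISO time> <host> <IN|OUT> <service> <peer>"
SAMPLE_LOG = """\
2024-05-01T10:15:02 hostB IN rlogin hostA
2024-05-01T10:15:01 hostA OUT rlogin hostB
2024-05-01T11:40:10 hostB IN rsh hostA
2024-05-01T12:05:30 hostC IN rlogin hostD
"""


def parse(text):
    """Turn the log text into (time, host, direction, service, peer) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, direction, service, peer = line.split()
        records.append((datetime.fromisoformat(ts), host, direction, service, peer))
    return records


def find_unmatched_inbound(records, skew=timedelta(seconds=30)):
    """Inbound accesses with no matching outbound entry on the apparent source host."""
    logged_hosts = {host for _, host, _, _, _ in records}
    outbound = [r for r in records if r[2] == "OUT"]
    findings = []
    for ts, host, direction, service, peer in records:
        if direction != "IN":
            continue
        if peer not in logged_hosts:
            # Without the source's logs the entry can be neither confirmed nor refuted.
            findings.append((host, peer, service, "unverifiable: no logs from source"))
            continue
        matched = any(o_host == peer and o_peer == host and o_svc == service
                      and abs(o_ts - ts) <= skew
                      for o_ts, o_host, _, o_svc, o_peer in outbound)
        if not matched:
            findings.append((host, peer, service, "suspect: source has no matching entry"))
    return findings


if __name__ == "__main__":
    for finding in find_unmatched_inbound(parse(SAMPLE_LOG)):
        print(finding)
```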

30 How we prevent IP Spoofing?
To prevent IP spoofing from happening in your network, the following are some common practices:
- Avoid using source address authentication. Implement cryptographic authentication system-wide.
- Configure your network to reject packets from the Net that claim to originate from a local address.
- Implement ingress and egress filtering on the border routers and implement an ACL (access control list) that blocks private IP addresses on your downstream interface.
- If you allow outside connections from trusted hosts, enable encryption sessions.

31 Our Misconception

32 Software for IP Spoofing
 Mac Spoofing Macaroni Screen Saver Bundle SpoofMAC  sTerm   MAC Change

33 Software to Stop IP Spoofing
StopCut  Find Mac Address pro SecurityGateway for Exchange / SMTP  PacketCreator  Responder Pro

34 References

35 THANK YOU

