Presentation is loading. Please wait.

Presentation is loading. Please wait.

Spoofing Basics Presentation developed by A.F.M Bakabillah Cyber Security and Networking Consultant MCSA: Messaging, MCSE RHCE ITIL CEH.

Published byErnest Reed Modified over 6 years ago

Similar presentations

Presentation on theme: "Spoofing Basics Presentation developed by A.F.M Bakabillah Cyber Security and Networking Consultant MCSA: Messaging, MCSE RHCE ITIL CEH."— Presentation transcript:

1 Spoofing Basics Presentation developed by A.F.M Bakabillah Cyber Security and Networking Consultant MCSA: Messaging, MCSE RHCE ITIL CEH

2 Definition - What does Spoofing mean?
Spoofing, in general, is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver. Spoofing is most prevalent in communication mechanisms that lack a high level of security. In short Spoofing is "The False Digital Identity“.

3 Types of Spoofing IP Spoofing
Internet Protocol (IP) is the protocol used for transmitting messages over the Internet; it is a network protocol operating at layer 3 of the OSI model. IP spoofing is the act of manipulated the headers in a transmitted message to mask a hackers true identity so that the message could appear as though it is from a trusted source.

4 Types of Spoofing IP Spoofing - Attacks Man-in-the-Middle attack
In a Man-in-the-Middle attack, the message sent to a recipient is intercepted by a third-party which manipulates the packets and resends it own message. Denial of Service (DoS) Attack A DoS attack is when a attacker floods a system with more packets than its resources can handle. This then causes the system to overload and shut down. The source address is spoofed making it difficult to track from where are the attacks taking place.

5 Types of Spoofing IP Spoofing - Attacks Solutions
IP spoofing can be prevented by monitoring packets using network monitoring software. A filtering router could also be installed, on the router an ACL (access control list) is needed to block private addresses on your downstream interface. On the upstream interface source address originating outside of the IP valid range will be blocked from sending spoofed information

6 Types of Spoofing URL Spoofing
URL spoofing occurs when one website appears as if it is another. The URL that is displayed is not the real URL of the site, therefore the information is sent to a hidden web address.

7 Types of Spoofing URL Spoofing - Attacks Intrusion
URL spoofing is sometimes used to direct a user to a fraudulent site and by giving the site the same look and feel as the original site the user attempts to login with a username and password. The hacker collects the username and password then displays a password error and directs the user to the legitimate site. Using this technique the hacker could create a series of fake websites and steal a user's private information unknowingly.

8 Types of Spoofing URL Spoofing - Solutions
Security patches are released by web browsers which add the feature of revealing the "true" URL of a site in the web browser. It is important to check if your internet browser is vulnerable and to perform the necessary updates.

9 Types of Spoofing Email Spoofing
spoofing is the act of altering the header of an so that the appears to be sent from someone else

10 Types of Spoofing Email Spoofing – Attacks
Cause confusion or discredit a person Social Engineering (phishing) Hide identity of the sender (spamming)

11 Types of Spoofing Email Spoofing – Solutions
Check the content of the Is the content weird in some way, or really unexpected from the sender? Does it contain a form? Does it request to either confirm or update login or any kind of information? Check the header of the

12 Spoofing – Example [Man-in-the-middle]
This is the simple scenario, and I try to draw it in a picture. Victim --- Attacker - Router Victim IP address : Attacker network interface : eth0; with IP address : Router IP address : Requirements: Kali Linux Arpspoof Driftnet Urlsnarf

13 Spoofing – Example Steps: Open the terminal in kali linux.
Enable IP forwrding in your machine. # echo 1 > /proc/sys/net/ipv4/ip_forward setting up arpspoof between victim and router. # arpspoof –i eth0 –t After then setting up arpspoof from to capture all packet from router to victim. #arpspoof –I eth0 –t After step three and four, now all the packet sent or received by victim should be going through attacker machine. Now we can try to use driftnet to monitor all victim image traffic. According to its website, Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.

14 Spoofing - Example Steps: Run driftnet # driftnet – i eth0
When victim browse a website with image, driftnet will capture all image traffic . Now we can try to use driftnet to monitor all victim image traffic. According to its website, Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic. To stop driftnet, just close the driftnet window or press CTRL + C in the terminal. For the next step we will try to capture the website information/data by using urlsnarf. To use urlsnarf, just run this command: # urlsnarf -i eth0 and urlsnarf will start capturing all website address visited by victim machine. When victim browse a website, attacker will know the address victim visited.

15 URL Spoofing [ Site Cloning] , Example
phishing/

16 DoS Attack - Example In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. DoS using hping3 with random source IP hping3 -c d 120 -S -w 64 -p 21 --flood --rand-source

17 DoS Attack - Example Let me explain the syntax’s used in this command:
hping3 = Name of the application binary. -c = Number of packets to send. -d 120 = Size of each packet that was sent to target machine. -S = I am sending SYN packets only. -w 64 = TCP window size. -p 21 = Destination port (21 being FTP port). You can use any port here. --flood = Sending packets as fast as possible, without taking care to show incoming replies. Flood mode. --rand-source = Using Random Source IP Addresses. You can also use -a or –spoof to hide hostnames. See MAN page below. = Destination IP address

18 DoS Attack - Example So how do you know it’s working? In hping3 flood mode, we don’t check replies received (actually you can’t because in this command we’ve used – rand-souce flag which means the source IP address is not yours anymore.) Took me just 5 minutes to completely make this machines unresponsive (that’s the definition of DoS – Denial of Service). In short, if this machine was a Web server, it wouldn’t be able to respond to any new connections and even if it could, it would be really really slow.

19 Thank You

Download ppt "Spoofing Basics Presentation developed by A.F.M Bakabillah Cyber Security and Networking Consultant MCSA: Messaging, MCSE RHCE ITIL CEH."

Similar presentations

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
Intrusion Detection and Hackers Exploits IP Spoofing Attack Yousef Yahya & Ahmed Alkhamaisa Prepared for Arab Academy for Banking and Financial Sciences.

Intrusion Detection and Hackers Exploits IP Spoofing Attack Yousef Yahya & Ahmed Alkhamaisa Prepared for Arab Academy for Banking and Financial Sciences.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Man in the Middle attacks and ARP poisoning explained

Man in the Middle attacks and ARP poisoning explained
DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.

DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.
IIT Indore © Neminath Hubballi

IIT Indore © Neminath Hubballi
Being an Intermediary for Another Attack Prepared By : Muhammad Majali Supervised By : Dr. Lo’ai Tawalbeh New York Institute of Technology (winter 2007)

Being an Intermediary for Another Attack Prepared By : Muhammad Majali Supervised By : Dr. Lo’ai Tawalbeh New York Institute of Technology (winter 2007)
1 Semester 2 Module 10 Intermediate TCP/IP Yuda college of business James Chen

1 Semester 2 Module 10 Intermediate TCP/IP Yuda college of business James Chen
ECE4112 Lab 7: Honeypots and Network Monitoring and Forensics Group 13 + Group 14 Allen Brewer Jiayue (Simon) Chen Daniel Chu Chinmay Patel.

ECE4112 Lab 7: Honeypots and Network Monitoring and Forensics Group 13 + Group 14 Allen Brewer Jiayue (Simon) Chen Daniel Chu Chinmay Patel.
CHAPTER 11 Spoofing Attack. INTRODUCTION Definition Spoofing is the act of using one machine in the network communication to impersonate another. The.

CHAPTER 11 Spoofing Attack. INTRODUCTION Definition Spoofing is the act of using one machine in the network communication to impersonate another. The.
1 CHAPTER 3 CLASSES OF ATTACK. 2 Denial of Service (DoS) Takes place when availability to resource is intentionally blocked or degraded Takes place when.

1 CHAPTER 3 CLASSES OF ATTACK. 2 Denial of Service (DoS) Takes place when availability to resource is intentionally blocked or degraded Takes place when.

Similar presentations

Ads by Google