Presentation is loading. Please wait.

Presentation is loading. Please wait.

IP-Spoofing and Source Routing Connections

Published bySuhendra Lesmana Modified over 6 years ago

Similar presentations

Presentation on theme: "IP-Spoofing and Source Routing Connections"— Presentation transcript:

1 IP-Spoofing and Source Routing Connections

2 Overview First words Spoofing Linux configuration Sniffing
IP-spoofing with source routing Vanilla IP-spoofing Ending

3 First Words This speech will discuss router/firewall problems
Include spoofing examples Not session hijacking or TCP/UDP-spoofing

4 Spoofing Internet protocol (IP) spoofing: 1. The creation of IP packets with counterfeit (spoofed) IP source addresses. 2. A method of attack used by network intruders to defeat network security measures such as authentication based on IP addresses. Note 1: An attack using IP spoofing may lead to unauthorized user access, and possibly root access, on the targeted system Note 2: A packet-filtering-router firewall may not provide adequate protection against IP spoofing attacks. It is possible to route packets through this type of firewall if the router is not configured to filter incoming packets having source addresses on the local domain Note 3: IP spoofing is possible even if no reply packets can reach the attacker. Note 4: A method for preventing IP spoofing problems is to install a filtering router that does not allow incoming packets to have a source address different from the local domain In addition, outgoing packets should not be allowed to contain a source address different from the local domain, in order to prevent an IP spoofing attack from originating from the local network.

5 Linux 2.0.X Configuration IP forwarding enabled
IP drop source routed frames disabled IP aliasing enabled

6 Sniffing Siphon Dsniff Tcpdump B.2 A.1 B.1 C.1 C.3 C.2 E.2 D.1 E.1

7 IP-Spoofing with Source Route
Why source route? Example: Full connection IP-spoof with source route

8 Why source route? 1/3 Choose path A.1 B.1 A.3 B.3 A.2 B.2

9 Why source route? 2/3 Two networks have same network number A.2 A.1
D.1 D.1 D.2 D.2

10 Why source route? 3/3 When IP-spoofing as an internal IP-address through a filtering router you don’t get any responses back B.2 B.1 A.2 A.1 ”B.3” B.3

11 Full Connection IP-Spoof with Source Route
net E => net B deny B.2 A.1 B.1 C.1 ”A.2” C.2 E.2 D.1 E.1 ifconfig eth0:0 A.2 route add -net A eth0:0 nc -n -v -s A.2 -g E.2 E.2 23 nc -n -v -s A.2 -g E.2 E.1 23 nc -n -v -s A.2 -g E.2 -g E.1 C.1 23 nc -n -v -s A.2 -g E.2 -g E.1 -g C.1 B.2 23

12 Full Connection Vanilla IP-Spoof
Easy to IP-spoof as A.2 and sniff the responses Don’t get a full connection ”A.2” b.U.3 B.2 A.1 B.1 a.U.1 c.U.2 net A => net B allow any => any deny

13 Full Connection Vanilla IP-Spoof
”a.A.2” b.U.3 B.2 A.1 B.1 a.U.1 c.U.2 net A => net B allow any => any deny ifconfig eth0 down ifconfig eth0 hw ether a ifconfig eth0 A.2 route add -net A eth0 ifconfig eth0:0 U.3 route add -net U eth0 route add default gw U.2

14 Ending Very easy way to establish full connections
Same attack on local network ”a.X.1” b.A.2 c.A.3 a.A.1

15 Ending Solution: Disable “Source Routing” (part of IP-options) (Default on firewalls, not default on routers) Implement spoofing protection (Not default on all firewalls) Do not use filter rules over an untrusted network Use VPN

16 Ending Questions?

Download ppt "IP-Spoofing and Source Routing Connections"

Similar presentations

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.1 Firewalls.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.1 Firewalls.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.

Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.

Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.
Intrusion Detection and Hackers Exploits IP Spoofing Attack Yousef Yahya & Ahmed Alkhamaisa Prepared for Arab Academy for Banking and Financial Sciences.

Intrusion Detection and Hackers Exploits IP Spoofing Attack Yousef Yahya & Ahmed Alkhamaisa Prepared for Arab Academy for Banking and Financial Sciences.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
Data Security in Local Networks using Distributed Firewalls

Data Security in Local Networks using Distributed Firewalls
M2M Gateway Features Jari Lahti, CTO www.violasystems.com.

M2M Gateway Features Jari Lahti, CTO
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
Internet/Intranet firewall security – policy, architecture and transaction services Written by Ray Hunt This presentation will Examines Policies that influence.

Internet/Intranet firewall security – policy, architecture and transaction services Written by Ray Hunt This presentation will Examines Policies that influence.
January 2009Prof. Reuven Aviv: Firewalls1 Firewalls.

January 2009Prof. Reuven Aviv: Firewalls1 Firewalls.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 12: Routing.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 12: Routing.
Objectives Configure routing in Windows Server 2008 Configure Network Address Translation 1.

Objectives Configure routing in Windows Server 2008 Configure Network Address Translation 1.
1 The Firewall Menu. 2 Firewall Overview The GD eSeries appliance provides multiple pre-defined firewall components/sections which you can configure uniquely.

1 The Firewall Menu. 2 Firewall Overview The GD eSeries appliance provides multiple pre-defined firewall components/sections which you can configure uniquely.
Internet and Intranet Fundamentals Class 9 Session A.

Internet and Intranet Fundamentals Class 9 Session A.
Access Control List (ACL)

Access Control List (ACL)
1 實驗九:建置網路安全閘道器 教師: 助教:. 2 Outline  Background  Proxy – Squid  Firewall – IPTables  VPN – OpenVPN  Experiment  Internet gateway  Firewall  VPN.

1 實驗九:建置網路安全閘道器 教師: 助教:. 2 Outline  Background  Proxy – Squid  Firewall – IPTables  VPN – OpenVPN  Experiment  Internet gateway  Firewall  VPN.

Similar presentations

Ads by Google