Published by Gervais Smith. Modified over 9 years ago.
1
Seminar Presentation
IP Spoofing Attack: detection and effective method of prevention
Md. Sajan Sana Ansari, Id: 201206680
9/8/2015
2
Outline
- Introduction to IP spoofing
- IP spoofing attack
- Detection strategies
- Prevention method
- Comparison
- Summary
- Conclusion
3
IP Spoofing
IP spoofing refers to an attacker creating a forged (fake) IP address with the intention of concealing the identity of the sender. The attacker selects a trusted IP address so that the access control list in the firewall cannot recognize the packet as forged. According to a study [2], at least four thousand such attacks occur every week on the Internet.
4
Process of IP spoofing attack
[Figure: numbered steps 1 to 4 of the attack over the TCP handshake: SYN (SeqNo=X); SYN-ACK (SeqNo=Y, ACK=X+1); ACK (SeqNo=X+1, ACK=Y+1)]
5
Process of IP spoofing attack
1) The attacker first creates a forged IP address using tools like hping, then attacks and controls the victim node.
2) It sends a SYN connection request to the server, disguising (concealing) itself with the IP address of the victim node.
3) The server receives the request and sends a SYN-ACK to the victim node, but the victim node cannot actually receive the message.
4) Once the hacker gets the SeqNo (sequence number), it can send the ACK to the server.
5) The connection is established between the hacker and the server.
6) The attack is now running.
6
Detection Method by Trace Route model [1]
Fig: Trace route model [1]
7
Prevention strategies (Trace Route Method) [1]
Fig: Flow chart of prevention system
8
Prevention Method using Trace Route model [1]
(1) IP Authentication Module
This module judges whether the source host is a trusted node. The IP authentication information includes the node name, the node IP address, and the hop count from the node to the target node. Only when the user passes IP authentication is it considered a trusted node; otherwise the user is considered a node from an outside site.
(2) Trace Route Module
This module runs a trace route from the detection node to the source node. If the source host is a trusted node, the trace route result is "host reachable"; otherwise, when an IP spoofing attack occurs, the result is "host unreachable". At the same time, the rule base and log base are updated dynamically. The trace route result is sent to the implementation module.
9
Prevention strategies (Packet Funneling method) [2]
1. When a packet from a new user is received, the user is entered in the AIP (active IP) table, its timeout value is set, and the packet is forwarded to its destination.
2. The size of the AIP table is a parameter set by the administrator according to the average number of expected users.
3. The Waiting Matrix stores the arriving packets of each delayed user until one of the active users times out and is thus removed from the AIP table.
4. When the memory is entirely consumed, packets are dropped instead of delayed.
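The four packet funneling steps above as a small simulation. This is an added example, not code from the presentation or from [2]. The class and parameter names, the fixed timeout counted from entry into the AIP table, and the oldest-first promotion of delayed users are assumptions; the addresses are constructed sample values.

```python
from collections import OrderedDict, deque

class PacketFunnel:
    """Toy model of the AIP table and Waiting Matrix (hypothetical names)."""
    def __init__(self, aip_size, timeout, wait_capacity):
        self.aip_size = aip_size            # step 2: table size set by the administrator
        self.timeout = timeout              # seconds a user stays in the AIP table
        self.wait_capacity = wait_capacity  # packets the Waiting Matrix can hold
        self.aip = OrderedDict()            # src -> expiry (insertion order = expiry order)
        self.waiting = OrderedDict()        # src -> deque of delayed packets
        self.queued = 0

    def _expire(self, now):
        """Step 3: drop timed-out users, promote delayed ones, return released packets."""
        released = []
        while self.aip and next(iter(self.aip.values())) <= now:
            self.aip.popitem(last=False)
        while self.waiting and len(self.aip) < self.aip_size:
            src, pkts = self.waiting.popitem(last=False)  # oldest delayed user first
            self.aip[src] = now + self.timeout
            self.queued -= len(pkts)
            released.extend((src, p) for p in pkts)
        return released

    def receive(self, src, pkt, now):
        """Return (verdict, released); verdict is 'forward', 'delay' or 'drop'."""
        released = self._expire(now)
        if src in self.aip:
            return "forward", released
        if len(self.aip) < self.aip_size:       # step 1: new user, room in the table
            self.aip[src] = now + self.timeout
            return "forward", released
        if self.queued >= self.wait_capacity:   # step 4: memory consumed
            return "drop", released
        self.waiting.setdefault(src, deque()).append(pkt)
        self.queued += 1
        return "delay", released

def demo():
    """Constructed traffic: two regular users, then a burst of new source addresses."""
    f = PacketFunnel(aip_size=2, timeout=10, wait_capacity=2)
    events = [("10.0.0.1", 0), ("10.0.0.2", 1), ("10.0.0.1", 2),
              ("198.51.100.7", 3), ("198.51.100.8", 4), ("198.51.100.9", 5),
              ("10.0.0.2", 10)]
    return [f.receive(src, f"pkt@{t}", t) for src, t in events]
```

The burst of unseen sources is delayed and then dropped while the two established users keep being forwarded, which is the load-shaping effect the comparison slide attributes to this method.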
10
Some other common prevention strategies [3]
The following are some common practices for preventing IP spoofing in a network:
1. Hop-Count Filtering
Hop-count filtering [3] is a victim-based solution relying on the hop-count method. The number of hops between source and destination is indicated by the TTL field in an IP packet. Linking the source IP with the statistical number of hops to reach the destination can be used to assess the authenticity of the claimed IP source.
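A sketch of the hop-count check described above, as an added example that is not taken from the presentation or from [3]. The list of initial TTL values, the tolerance of one hop, and all names are assumptions; the addresses and TTLs are constructed sample values.

```python
INITIAL_TTLS = (32, 64, 128, 255)  # assumed common initial TTL values


def hop_count(observed_ttl):
    """Infer hops travelled: smallest assumed initial TTL >= observed, minus observed."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL out of range")
    initial = next(t for t in INITIAL_TTLS if observed_ttl <= t)
    return initial - observed_ttl


class HopCountFilter:
    """Victim-side table linking each source IP to its usual hop count."""

    def __init__(self, tolerance=1):
        self.tolerance = tolerance  # hops of drift allowed, e.g. for route changes
        self.table = {}             # source IP -> hop count learned from verified traffic

    def learn(self, src, observed_ttl):
        """Record the hop count of a source seen on a completed connection."""
        self.table[src] = hop_count(observed_ttl)

    def check(self, src, observed_ttl):
        """Return 'accept', 'suspect' or 'unknown' for a packet claiming src."""
        expected = self.table.get(src)
        if expected is None:
            return "unknown"  # no baseline: the filter cannot judge this source
        seen = hop_count(observed_ttl)
        return "accept" if abs(seen - expected) <= self.tolerance else "suspect"


def demo():
    f = HopCountFilter(tolerance=1)
    f.learn("192.0.2.10", 54)        # constructed sample: 64 - 54 = 10 hops
    return [
        f.check("192.0.2.10", 53),   # 11 hops, within tolerance
        f.check("192.0.2.10", 120),  # 128 - 120 = 8 hops, outside tolerance
        f.check("203.0.113.5", 60),  # never learned
    ]
```

The inferred initial TTL and the tolerance are guesses, which is the dependence on assumptions and probabilistic methods that the comparison slide raises against this method.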
11
Some other common prevention strategies [3]
2. Router-Based Solution
The routers are modified to provide encryption, digital signatures, and authentication. This enables tracing a packet back to its origin and thus stopping further traffic at the closest intelligent router point.
12
Some other common prevention strategies [3]
3. Traffic Level Measurements
The module relies on a buffer through which all incoming traffic enters. The traffic level is continuously monitored, and when it shoots up to high levels, most incoming packets are dropped. The module thus attempts to isolate the server from the attack.
13
Comparison
1. Packet funneling is a load-balancing solution that delays heavy traffic on the server. The IP pattern of a normal user will have repetitive occurrences. It is an easy approach for a small group of networks.
2. The hop-count process depends heavily on assumptions and probabilistic methods, rendering the method inaccurate.
3. Even though the "router-based solution" provides more secure and private communication between the routers involved, a tremendous amount of complexity is introduced.
14
Comparison
4. The traffic level countermeasure is not an effective way to prevent IP spoofing, because it simply controls the peak traffic level, so legitimate requests may be unable to access the server.
5. The trace route method is an effective defense in which the attacker is detected by tracing the route with the help of a trusted adjacent node in the network; if the source IP is unreachable, the packet is dropped.
15
Comparison
Table (1): Comparison among different prevention strategies of IP spoofing attack
16
Summary
- We discussed what IP spoofing is and how an IP spoofing attack proceeds.
- We discussed how to detect an IP spoofing attack.
- We discussed different measures to prevent IP spoofing attacks, such as the Trace Route model, Packet Funneling, and some common prevention techniques.
- We compared these prevention techniques.
17
Conclusion
IP spoofing attacks on networks are a severe problem, with many cases occurring per day across the Internet. Hence, effective prevention strategies should be evaluated. Of the several prevention strategies studied, the Trace Route strategy is an effective way to control the attacker in the network.
18
References
[1] Yunji Ma, "An Effective Method for Defense against IP Spoofing Attack", Department of Network Engineering, University of Science and Technology LiaoNing, Anshan, China, 2010.
[2] N. Arumugam, C. Venkatesh, "A Novel Scheme for Detecting and Preventing Spoofed IP Access on Network Using IP2HP Filter", ©2006-2011 Asian Research Publishing Network (ARPN), Dec. 2011.
[3] Antonio Challita, Mona El Hassan, Sabine Maalouf, Adel Zouheiry, "A Survey of DDoS Defense Mechanisms", Department of Electrical and Computer Engineering, American University of Beirut.
[4] T. Baba and S. Matsuda, "Tracing network attacks to their sources," IEEE Internet Computing, 2002.
[5] I. B. Mopari, S. G. Pukale and M. L. Dhore, "Detection and defense against DDoS attack with IP spoofing," International Conference on Computing, Communication and Networking, 2008, pp. 1-5, Dec. 2008.
[6] A. Bremler-Barr and H. Levy, "Spoofing prevention method," 24th Annual Joint Conference of the IEEE Computer and Communications Societies, March 2005.
19
Thanks
Accept my sincere thanks for listening. Any questions and suggestions?