Spoofing Keegan Haukaas, Samuel Robertson, Jack Murdock.


1 Spoofing Keegan Haukaas, Samuel Robertson, Jack Murdock

2 Overview
- Email Spoofing
- IP Spoofing
- Web Spoofing

3 Email Spoofing
- Pretending to send an email from someone else

4 Reasons for Email Spoofing
- Hide Identity
- Impersonate Company or Authority

5 How to Spoof an Email
- SMTP functions
- Insert commands in headers

6 Examples
- Posing as a Bank
- Posing as Facebook
- Posing as Relative

7 Mitigating Email Spoofing
- Look at address
- Read through message
- Check links against legitimate site

8 Reporting Email Spoofing
- Legitimate Company/Person
- Federal Trade Commission: spam@uce.gov

9 IP Spoofing
- IP spoofing is when the IP source address is changed in the packet header
- Legitimate uses of IP Spoofing: Website Testing
- Illegitimate uses of IP Spoofing: DoS, Gain entry to System

10 IP Spoofing (cont.)
- Nmap
  - ipconfig /all
  - nmap --iflist
  - nmap -e eth7 -S 10.154.14.138 10.25.17.45
- Defense against IP Spoofing
  - Packet Filtering
  - DO NOT rely only on IP address to gain access

11 Web Spoofing
- General techniques:
  - Similar URL
  - Copy Site design/code
  - “Malvertising”

12 Similar URL
- Mistyping: Favebook vs Facebook
- Alternate Top-Level Domains: Whitehouse.gov vs Whitehouse.com
- Countermeasures: Purchase the alternate domain, check spelling, check security certificate
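
The spelling and top-level-domain checks from this slide (and the "check links against legitimate site" advice on slide 7), as an added example that is not part of the original presentation. It goes beyond the two pairs on the slide by also catching transposed letters; the allow-list, the function names and the "last two labels" rule for finding the registered domain are assumptions.

```python
# Added example: flag lookalike hostnames against a list of known-good domains.
# Assumption: the registered domain is the last two labels (no public-suffix list).
from urllib.parse import urlsplit

LEGITIMATE = {"facebook.com", "whitehouse.gov"}  # sample allow-list built from the slide


def registered_domain(url_or_host):
    """Return the lowercased last two labels of a URL or bare hostname."""
    host = urlsplit(url_or_host).hostname if "://" in url_or_host else url_or_host
    labels = (host or "").lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def classify(url_or_host, legitimate=LEGITIMATE, max_typos=1):
    """Return (verdict, matched_domain) for one hostname or URL."""
    domain = registered_domain(url_or_host)
    if domain in legitimate:
        return ("legitimate", domain)
    name, _, tld = domain.rpartition(".")
    for good in sorted(legitimate):
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return ("alternate-tld", good)  # same name, different TLD
        if tld == good_tld and 0 < edit_distance(name, good_name) <= max_typos:
            return ("typo", good)  # one keystroke away from a real name
    return ("unrelated", None)
```

A verdict of "unrelated" only means the host does not resemble an allow-listed domain; it is not a statement that the host is safe.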

13 Design Hijacking
- Copies all (or all accessible) HTML, CSS, JavaScript, etc.
- Incorporates design into new site
- Most likely also uses a spoofed/similar URL
- Check for Security Certificate/HTTPS
  - Websites need to be verified in some way to be granted a certificate
- Countermeasures: Code obfuscation, closed-source, HTTPS, etc.

14 Malvertising
- Stands for Malicious Advertising
- Exploits ads in sites
- Attacker puts up “clean” ads, gains reputation
  - Then injects malicious code into advertisements
- “Drive-by” style attacks, or click activation
- Attacker hacks site, injects code into banner ads
- Countermeasures: Install AdBlock, don’t click on ads, avoid sites with intrusive/pop-up ads, check site’s reputation

15 Summary
- Email Spoofing
- IP Spoofing
- Web Spoofing

16 Q & A

