SlideShare une entreprise Scribd logo

Ipspoofing

Télécharger en tant que PPT, PDF
Akhil Kumar
Akhil Kumar
TechnologieFormation
1  sur  25
IP SPOOFING By Ch. Rakesh Sharma
Overview ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
TCP/IP in 3 minute or less ,[object Object],[object Object]
TCP/IP in 3 minutes or less Application Transport Interweb Network Access Physical TCP IP
TCP/IP in 3 minute or less ,[object Object],[object Object],[object Object],[object Object]
TCP/IP in 3 minutes or less ,[object Object],[object Object],[object Object],[object Object]
IP Spoofing Sometimes on the internet, a girl named Alice is really a man named Yves
IP Spoofing – Overview ,[object Object],[object Object],[object Object]
IP Spoofing – Overview ,[object Object],[object Object],[object Object]
IP Spoofing – Overview ,[object Object],[object Object],[object Object],[object Object]
IP Spoofing – The Reset Victim - Bob Sucker - Alice Attacker - Eve 1. SYN – Let’s have a conversation 2. SYN ACK – Sure, what do you want to talk about? 3. RESET – Umm.. I have no idea why you are talking to me 4. No connection – Guess I need to take Bob out of the picture…
Types of Attacks in IP SPOOFING ,[object Object],[object Object],[object Object],[object Object]
IP Spoofing – Mitnick Attack ,[object Object],[object Object],[object Object]
Mitnick Attack 1. Mitnick Flood’s server’s login port so it can no longer respond 2. Mitnick Probes the Workstation to determine the behaviour of its TCP sequence number generator 3. Mitnick discovers that the TCP sequence number is incremented by 128000 each new connection 4. Mitnick forges a SYN from the server to the terminal 5. Terminals responds with an ACK, which is ignored by the flooded port (and not visible to Mitnick) Server Workstation Kevin Mitnick 6. Mitnick fakes the ACK using the proper TCP sequence number 7. Mitnick has now established a one way communications channel
IP Spoofing - Session Hijack ,[object Object],[object Object],[object Object]
Session Hijack Alice Bob Eve I’m Bob! I’m Alice! 1. Eve assumes a man-in-the-middle position through some mechanism. For example, Eve could use Arp Poisoning, social engineering, router hacking etc... 2. Eve can monitor traffic between Alice and Bob without altering the packets or sequence numbers. 3. At any point, Eve can assume the identity of either Bob or Alice through the Spoofed IP address. This breaks the pseudo connection as Eve will start modifying the sequence numbers
IP Spoofing – DoS/DDoS ,[object Object],[object Object]
DoS Attack Server Attacker Legitimate Users Interweb Fake IPs Service Requests Flood of Requests from Attacker Server queue full, legitimate requests get dropped Service Requests
DoS Attack ,[object Object],[object Object]
DDoS Attack Server (already DoS’d) Attacker Target Servers Interweb 1. Attacker makes large number of SYN connection requests to target servers on behalf of a DoS’d server 2. Servers send SYN ACK to spoofed server, which cannot respond as it is already DoS’d. Queue’s quickly fill, as each connection request will have to go through a process of sending several SYN ACKs before it times out SYN SYN SYN SYN SYN ACK SYN ACK SYN ACK SYN ACK Queue Full
DDoS Attack ,[object Object],[object Object]
IP Spoofing – Defending ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Conclusion ,[object Object],[object Object],[object Object]
 
 

Recommandé

Ip spoofing ppt
Ip spoofing pptIp spoofing ppt
Ip spoofing ppt
Anushakp9
 
I P S P O O F I N G
I P S P O O F I N GI P S P O O F I N G
I P S P O O F I N G
avinashkanchan
 
IP Spoofing
IP SpoofingIP Spoofing
IP Spoofing
Akmal Hussain
 
Spoofing
SpoofingSpoofing
Spoofing
Greater Noida Institute Of Technology
 
ip spoofing
ip spoofingip spoofing
ip spoofing
mohan babu
 
Presentation1
Presentation1Presentation1
Presentation1
Rahul Polara
 
Ip Spoofing
Ip SpoofingIp Spoofing
Ip Spoofing
arpit.arp
 
My ppt..priya
My ppt..priyaMy ppt..priya
My ppt..priya
priya_kp03
 

Recommandé

Ip spoofing ppt
Ip spoofing pptIp spoofing ppt
Ip spoofing ppt
Anushakp9
 
I P S P O O F I N G
I P S P O O F I N GI P S P O O F I N G
I P S P O O F I N G
avinashkanchan
 
IP Spoofing
IP SpoofingIP Spoofing
IP Spoofing
Akmal Hussain
 
Spoofing
SpoofingSpoofing
Spoofing
Greater Noida Institute Of Technology
 
ip spoofing
ip spoofingip spoofing
ip spoofing
mohan babu
 
Presentation1
Presentation1Presentation1
Presentation1
Rahul Polara
 
Ip Spoofing
Ip SpoofingIp Spoofing
Ip Spoofing
arpit.arp
 
My ppt..priya
My ppt..priyaMy ppt..priya
My ppt..priya
priya_kp03
 
Ip Spoofing
Ip SpoofingIp Spoofing
Ip Spoofing
Roushan Jha
 
Spoofing Techniques
Spoofing TechniquesSpoofing Techniques
Spoofing Techniques
Raza_Abidi
 
Ip Spoofing
Ip SpoofingIp Spoofing
Ip Spoofing
Dhrumil Shah
 
Spoofing
SpoofingSpoofing
Spoofing
Sanjeev
 
Ip spoofing & types of attachs using it
Ip spoofing & types of attachs using itIp spoofing & types of attachs using it
Ip spoofing & types of attachs using it
Rajesh Porwal
 
DNS Attacks
DNS AttacksDNS Attacks
DNS Attacks
Himanshu Prabhakar
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
Kaustubh Padwad
 
ip spoofing
ip spoofingip spoofing
ip spoofing
vipin soni
 
Spoofing attack: Learn about Email spoofing, IP address spoofing and many other
Spoofing attack: Learn about Email spoofing, IP address spoofing and many otherSpoofing attack: Learn about Email spoofing, IP address spoofing and many other
Spoofing attack: Learn about Email spoofing, IP address spoofing and many other
Pankaj Dubey
 
Ip spoofing attacks
Ip spoofing attacksIp spoofing attacks
Ip spoofing attacks
Apijay Kumar
 
Port Scanning
Port ScanningPort Scanning
Port Scanning
amiable_indian
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
hruth
 
DDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtDDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin Bisht
Nitin Bisht
 
Man in the middle
Man in the middleMan in the middle
Man in the middle
AhmadThaqifAimanAhma
 
Packet sniffing
Packet sniffingPacket sniffing
Packet sniffing
Shyama Bhuvanendran
 
Internet protocol (ip)
Internet protocol (ip)Internet protocol (ip)
Internet protocol (ip)
junnubabu
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Anoop T
 
Packet sniffers
Packet sniffersPacket sniffers
Packet sniffers
Kunal Thakur
 
Packet sniffing in switched LANs
Packet sniffing in switched LANsPacket sniffing in switched LANs
Packet sniffing in switched LANs
Ishraq Al Fataftah
 
Ip addressing
Ip addressingIp addressing
Ip addressing
Tanvir Amin
 
BasepaperControlling IP Spoofing through Interdomain Packet Filters
BasepaperControlling IP Spoofing through Interdomain Packet FiltersBasepaperControlling IP Spoofing through Interdomain Packet Filters
BasepaperControlling IP Spoofing through Interdomain Packet Filters
bhasker nalaveli
 
IP spoofing attacks & defence
IP spoofing attacks & defenceIP spoofing attacks & defence
IP spoofing attacks & defence
visor999
 

Contenu connexe

Tendances

Spoofing
SpoofingSpoofing
Spoofing
Sanjeev
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
Kaustubh Padwad
 
Ip spoofing attacks
Ip spoofing attacksIp spoofing attacks
Ip spoofing attacks
Apijay Kumar
 
Packet sniffing in switched LANs
Packet sniffing in switched LANsPacket sniffing in switched LANs
Packet sniffing in switched LANs
Ishraq Al Fataftah
 

Tendances (20)

Ip Spoofing
Ip SpoofingIp Spoofing
Ip Spoofing
 
Spoofing Techniques
Spoofing TechniquesSpoofing Techniques
Spoofing Techniques
 
Ip Spoofing
Ip SpoofingIp Spoofing
Ip Spoofing
 
Spoofing
SpoofingSpoofing
Spoofing
 
Ip spoofing & types of attachs using it
Ip spoofing & types of attachs using itIp spoofing & types of attachs using it
Ip spoofing & types of attachs using it
 
DNS Attacks
DNS AttacksDNS Attacks
DNS Attacks
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 
ip spoofing
ip spoofingip spoofing
ip spoofing
 
Spoofing attack: Learn about Email spoofing, IP address spoofing and many other
Spoofing attack: Learn about Email spoofing, IP address spoofing and many otherSpoofing attack: Learn about Email spoofing, IP address spoofing and many other
Spoofing attack: Learn about Email spoofing, IP address spoofing and many other
 
Ip spoofing attacks
Ip spoofing attacksIp spoofing attacks
Ip spoofing attacks
 
Port Scanning
Port ScanningPort Scanning
Port Scanning
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
 
DDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtDDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin Bisht
 
Man in the middle
Man in the middleMan in the middle
Man in the middle
 
Packet sniffing
Packet sniffingPacket sniffing
Packet sniffing
 
Internet protocol (ip)
Internet protocol (ip)Internet protocol (ip)
Internet protocol (ip)
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Packet sniffers
Packet sniffersPacket sniffers
Packet sniffers
 
Packet sniffing in switched LANs
Packet sniffing in switched LANsPacket sniffing in switched LANs
Packet sniffing in switched LANs
 
Ip addressing
Ip addressingIp addressing
Ip addressing
 

En vedette

BasepaperControlling IP Spoofing through Interdomain Packet Filters
BasepaperControlling IP Spoofing through Interdomain Packet FiltersBasepaperControlling IP Spoofing through Interdomain Packet Filters
BasepaperControlling IP Spoofing through Interdomain Packet Filters
bhasker nalaveli
 
IP spoofing attacks & defence
IP spoofing attacks & defenceIP spoofing attacks & defence
IP spoofing attacks & defence
visor999
 
A Novel IP Traceback Scheme for Spoofing Attack
A Novel IP Traceback Scheme for Spoofing AttackA Novel IP Traceback Scheme for Spoofing Attack
A Novel IP Traceback Scheme for Spoofing Attack
IJAEMSJORNAL
 
Proposed Methods of IP Spoofing Detection & Prevention
Proposed Methods of IP Spoofing Detection & Prevention Proposed Methods of IP Spoofing Detection & Prevention
Proposed Methods of IP Spoofing Detection & Prevention
International Journal of Science and Research (IJSR)
 
Ip spoofing (seminar report)
Ip spoofing (seminar report)Ip spoofing (seminar report)
Ip spoofing (seminar report)
Rahul Polara
 
Best topics for seminar
Best topics for seminarBest topics for seminar
Best topics for seminar
shilpi nagpal
 

En vedette (16)

BasepaperControlling IP Spoofing through Interdomain Packet Filters
BasepaperControlling IP Spoofing through Interdomain Packet FiltersBasepaperControlling IP Spoofing through Interdomain Packet Filters
BasepaperControlling IP Spoofing through Interdomain Packet Filters
 
IP spoofing attacks & defence
IP spoofing attacks & defenceIP spoofing attacks & defence
IP spoofing attacks & defence
 
Spoofing Attacks حملات جعل هویت
Spoofing Attacks حملات جعل هویت Spoofing Attacks حملات جعل هویت
Spoofing Attacks حملات جعل هویت
 
A Novel IP Traceback Scheme for Spoofing Attack
A Novel IP Traceback Scheme for Spoofing AttackA Novel IP Traceback Scheme for Spoofing Attack
A Novel IP Traceback Scheme for Spoofing Attack
 
Kipp Berdiansky on Tcp syn flooding and ip spoofing attacks
Kipp Berdiansky on Tcp syn flooding and ip spoofing attacksKipp Berdiansky on Tcp syn flooding and ip spoofing attacks
Kipp Berdiansky on Tcp syn flooding and ip spoofing attacks
 
Proposed Methods of IP Spoofing Detection & Prevention
Proposed Methods of IP Spoofing Detection & Prevention Proposed Methods of IP Spoofing Detection & Prevention
Proposed Methods of IP Spoofing Detection & Prevention
 
Himanshupptx
HimanshupptxHimanshupptx
Himanshupptx
 
Voice morphing-101113123852-phpapp01
Voice morphing-101113123852-phpapp01Voice morphing-101113123852-phpapp01
Voice morphing-101113123852-phpapp01
 
Ip spoofing (seminar report)
Ip spoofing (seminar report)Ip spoofing (seminar report)
Ip spoofing (seminar report)
 
Nagios Conference 2013 - William Leibzon - SNMP Protocol and Nagios Plugins
Nagios Conference 2013 - William Leibzon - SNMP Protocol and Nagios PluginsNagios Conference 2013 - William Leibzon - SNMP Protocol and Nagios Plugins
Nagios Conference 2013 - William Leibzon - SNMP Protocol and Nagios Plugins
 
Seven wonders of the world
Seven wonders of the world Seven wonders of the world
Seven wonders of the world
 
Introduction to Firebase [Google I/O Extended Bangkok 2016]
Introduction to Firebase [Google I/O Extended Bangkok 2016]Introduction to Firebase [Google I/O Extended Bangkok 2016]
Introduction to Firebase [Google I/O Extended Bangkok 2016]
 
3D Password PPT
3D Password PPT3D Password PPT
3D Password PPT
 
Indian culture
Indian cultureIndian culture
Indian culture
 
3d password ppt
3d password ppt3d password ppt
3d password ppt
 
Best topics for seminar
Best topics for seminarBest topics for seminar
Best topics for seminar
 

Similaire à Ipspoofing

Oss web application and network security
Oss web application and network securityOss web application and network security
Oss web application and network security
Rishabh Mehan
 
Internet Security
Internet SecurityInternet Security
Internet Security
Peter R. Egli
 
Efficient packet marking for large scale ip trace back(synopsis)
Efficient packet marking for large scale ip trace back(synopsis)Efficient packet marking for large scale ip trace back(synopsis)
Efficient packet marking for large scale ip trace back(synopsis)
Mumbai Academisc
 

Similaire à Ipspoofing (20)

Sudheer tech seminor
Sudheer tech seminorSudheer tech seminor
Sudheer tech seminor
 
Hacking Cisco
Hacking CiscoHacking Cisco
Hacking Cisco
 
12 types of DDoS attacks
12 types of DDoS attacks12 types of DDoS attacks
12 types of DDoS attacks
 
Lecture 7 Attacker and there tools.pptx
Lecture 7 Attacker and there tools.pptxLecture 7 Attacker and there tools.pptx
Lecture 7 Attacker and there tools.pptx
 
BADCamp 2017 - Anatomy of DDoS
BADCamp 2017 - Anatomy of DDoSBADCamp 2017 - Anatomy of DDoS
BADCamp 2017 - Anatomy of DDoS
 
Module 10 (session hijacking)
Module 10 (session hijacking)Module 10 (session hijacking)
Module 10 (session hijacking)
 
spoofing.ppt
spoofing.pptspoofing.ppt
spoofing.ppt
 
DDoS ATTACKS
DDoS ATTACKSDDoS ATTACKS
DDoS ATTACKS
 
Oss web application and network security
Oss web application and network securityOss web application and network security
Oss web application and network security
 
DDoS-bdNOG
DDoS-bdNOGDDoS-bdNOG
DDoS-bdNOG
 
Ceh v5 module 10 session hijacking
Ceh v5 module 10 session hijackingCeh v5 module 10 session hijacking
Ceh v5 module 10 session hijacking
 
Isys20261 lecture 07
Isys20261 lecture 07Isys20261 lecture 07
Isys20261 lecture 07
 
Internet Security
Internet SecurityInternet Security
Internet Security
 
Network Attacks and Countermeasures
Network Attacks and CountermeasuresNetwork Attacks and Countermeasures
Network Attacks and Countermeasures
 
IP spoofing .pptx
IP spoofing .pptxIP spoofing .pptx
IP spoofing .pptx
 
Network security
Network securityNetwork security
Network security
 
Network Security
Network SecurityNetwork Security
Network Security
 
Efficient packet marking for large scale ip trace back(synopsis)
Efficient packet marking for large scale ip trace back(synopsis)Efficient packet marking for large scale ip trace back(synopsis)
Efficient packet marking for large scale ip trace back(synopsis)
 
Dos.pptx
Dos.pptxDos.pptx
Dos.pptx
 
Denial of services : limiting the threat
Denial of services : limiting the threatDenial of services : limiting the threat
Denial of services : limiting the threat
 

Plus de Akhil Kumar

Edp section of solids
Edp section of solidsEdp section of solids
Edp section of solids
Akhil Kumar
 
Edp projection of solids
Edp projection of solidsEdp projection of solids
Edp projection of solids
Akhil Kumar
 
Edp projection of planes
Edp projection of planesEdp projection of planes
Edp projection of planes
Akhil Kumar
 
Edp projection of lines
Edp projection of linesEdp projection of lines
Edp projection of lines
Akhil Kumar
 
Edp ortographic projection
Edp ortographic projectionEdp ortographic projection
Edp ortographic projection
Akhil Kumar
 
Edp intersection
Edp intersectionEdp intersection
Edp intersection
Akhil Kumar
 
Edp ellipse by gen method
Edp ellipse by gen methodEdp ellipse by gen method
Edp ellipse by gen method
Akhil Kumar
 
Edp development of surfaces of solids
Edp development of surfaces of solidsEdp development of surfaces of solids
Edp development of surfaces of solids
Akhil Kumar
 
Edp typical problem
Edp typical problemEdp typical problem
Edp typical problem
Akhil Kumar
 
Edp st line(new)
Edp st line(new)Edp st line(new)
Edp st line(new)
Akhil Kumar
 
graphical password authentication
graphical password authenticationgraphical password authentication
graphical password authentication
Akhil Kumar
 

Plus de Akhil Kumar (20)

Edp section of solids
Edp section of solidsEdp section of solids
Edp section of solids
 
Edp scales
Edp scalesEdp scales
Edp scales
 
Edp projection of solids
Edp projection of solidsEdp projection of solids
Edp projection of solids
 
Edp projection of planes
Edp projection of planesEdp projection of planes
Edp projection of planes
 
Edp projection of lines
Edp projection of linesEdp projection of lines
Edp projection of lines
 
Edp ortographic projection
Edp ortographic projectionEdp ortographic projection
Edp ortographic projection
 
Edp isometric
Edp isometricEdp isometric
Edp isometric
 
Edp intersection
Edp intersectionEdp intersection
Edp intersection
 
Edp excerciseeg
Edp excerciseegEdp excerciseeg
Edp excerciseeg
 
Edp ellipse by gen method
Edp ellipse by gen methodEdp ellipse by gen method
Edp ellipse by gen method
 
Edp development of surfaces of solids
Edp development of surfaces of solidsEdp development of surfaces of solids
Edp development of surfaces of solids
 
Edp curves2
Edp curves2Edp curves2
Edp curves2
 
Edp curve1
Edp curve1Edp curve1
Edp curve1
 
Edp typical problem
Edp typical problemEdp typical problem
Edp typical problem
 
Edp st line(new)
Edp st line(new)Edp st line(new)
Edp st line(new)
 
graphical password authentication
graphical password authenticationgraphical password authentication
graphical password authentication
 
yii framework
yii frameworkyii framework
yii framework
 
cloud computing
cloud computingcloud computing
cloud computing
 
WORDPRESS
WORDPRESSWORDPRESS
WORDPRESS
 
AJAX
AJAXAJAX
AJAX
 

Dernier

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 

Dernier (20)

[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 

Ipspoofing

  • 1. IP SPOOFING By Ch. Rakesh Sharma
  • 2.
  • 3.
  • 4. TCP/IP in 3 minutes or less Application Transport Interweb Network Access Physical TCP IP
  • 5.
  • 6.
  • 7. IP Spoofing Sometimes on the internet, a girl named Alice is really a man named Yves
  • 8.
  • 9.
  • 10.
  • 11. IP Spoofing – The Reset Victim - Bob Sucker - Alice Attacker - Eve 1. SYN – Let’s have a conversation 2. SYN ACK – Sure, what do you want to talk about? 3. RESET – Umm.. I have no idea why you are talking to me 4. No connection – Guess I need to take Bob out of the picture…
  • 12.
  • 13.
  • 14. Mitnick Attack 1. Mitnick Flood’s server’s login port so it can no longer respond 2. Mitnick Probes the Workstation to determine the behaviour of its TCP sequence number generator 3. Mitnick discovers that the TCP sequence number is incremented by 128000 each new connection 4. Mitnick forges a SYN from the server to the terminal 5. Terminals responds with an ACK, which is ignored by the flooded port (and not visible to Mitnick) Server Workstation Kevin Mitnick 6. Mitnick fakes the ACK using the proper TCP sequence number 7. Mitnick has now established a one way communications channel
  • 15.
  • 16. Session Hijack Alice Bob Eve I’m Bob! I’m Alice! 1. Eve assumes a man-in-the-middle position through some mechanism. For example, Eve could use Arp Poisoning, social engineering, router hacking etc... 2. Eve can monitor traffic between Alice and Bob without altering the packets or sequence numbers. 3. At any point, Eve can assume the identity of either Bob or Alice through the Spoofed IP address. This breaks the pseudo connection as Eve will start modifying the sequence numbers
  • 17.
  • 18. DoS Attack Server Attacker Legitimate Users Interweb Fake IPs Service Requests Flood of Requests from Attacker Server queue full, legitimate requests get dropped Service Requests
  • 19.
  • 20. DDoS Attack Server (already DoS’d) Attacker Target Servers Interweb 1. Attacker makes large number of SYN connection requests to target servers on behalf of a DoS’d server 2. Servers send SYN ACK to spoofed server, which cannot respond as it is already DoS’d. Queue’s quickly fill, as each connection request will have to go through a process of sending several SYN ACKs before it times out SYN SYN SYN SYN SYN ACK SYN ACK SYN ACK SYN ACK Queue Full
  • 21.
  • 22.
  • 23.
  • 24.  
  • 25.