Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.
IP SPOOFING
Precap…
 What is spoofing
 Types of spoofing
 Ip spoofing
 Ip spoofing attacks
 Prevention of Ip spoofing
 Ip spoofi...
Spoofing
 It is a situation in which one person or program successfully masquerades
as another by falsifying information/...
Types of spoofing
 IP spoofing: Attacker uses IP address
of another computer to acquire
information or gain access from
a...
IP Spoofing
A technique used to gain unauthorized access to computers,
whereby the intruder sends messages to a computer w...
IP Datagram
• The job of IP is to route and send a packet to the packet's destination.
• IP provides no guarantee , for th...
TCP Header
0 16 31
Source Port Destination Port
Sequence Number
Acknowledgement Number
Window
Urgent Pointer
Options and P...
IP Spoofing Mechanism
Attacker selects a host (target/victim)
Identify host that has trust relation with target
Trusted ho...
Types of IP spoofing Attacks
 Blind Spoofing Attack
 Non-Blind Spoofing Attack
 Man In The Middle Attack
 Denial of Se...
Usually the attacker does not have access to the reply.
e.g.
Host C sends an IP datagram with the address of some other ho...
2. Non-Blind Spoofing
Takes place when the attacker is on the same subnet as the
victim. This allows the attacker to sniff...
In these attacks, a malicious party intercepts a legitimate communication
between two friendly parties. The malicious host...
4.Denial of Service Attack
•IP spoofing is always used in DOS attacks.
•Attackers are concerned with consuming bandwidth
a...
DoS Attack
Server
Attacker Legitimate Users
Interweb
Fake IPs
Service
Requests
Flood of
Requests from
Attacker
Server queu...
Preventing IP spoofing
attacks
Filtering at the Router border:
• Main idea is to check the Source IP address and validate ...
Network Address Translation(NAT)
• Nat are used to alter the packet (address) as it passes over the network.
• It keeps tr...
CONCLUSION
 IP Spoofing is an old Hacker trick that continues to
evolve.
 Will continue to represent a threat as long as...
Any Questions ?
IP Spoofing
Prochain SlideShare
Chargement dans…5
×

IP Spoofing

IP spoofing ppt

  • Soyez le premier à commenter

IP Spoofing

  1. 1. IP SPOOFING
  2. 2. Precap…  What is spoofing  Types of spoofing  Ip spoofing  Ip spoofing attacks  Prevention of Ip spoofing  Ip spoofing applications  Reference
  3. 3. Spoofing  It is a situation in which one person or program successfully masquerades as another by falsifying information/data and thereby gaining an illegitimate advantage.
  4. 4. Types of spoofing  IP spoofing: Attacker uses IP address of another computer to acquire information or gain access from another network.  Email spoofing: Attacker sends email but makes it appear to come from someone else(reliable email).  Web spoofing: Attacker tricks web browser into communicating with a different web server than the user intended.
  5. 5. IP Spoofing A technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host trusted host B Intruder A C
  6. 6. IP Datagram • The job of IP is to route and send a packet to the packet's destination. • IP provides no guarantee , for the packets it tries to deliver. • IP is the internet layer protocol. Options and Padding Destination Address Total Length Fragment Offset Header ChecksumTime to Live Protocol Identification Type of Service Flags Version IHL Source Address 0 16 31
  7. 7. TCP Header 0 16 31 Source Port Destination Port Sequence Number Acknowledgement Number Window Urgent Pointer Options and Padding Checksum FlagsReservedData Offset TCP provides reliable and guaranteed delivery of packets.
  8. 8. IP Spoofing Mechanism Attacker selects a host (target/victim) Identify host that has trust relation with target Trusted host is impersonated(tcp seq. no. copied) Attacker successfully connects to the server Attacker executes commands & Controls system
  9. 9. Types of IP spoofing Attacks  Blind Spoofing Attack  Non-Blind Spoofing Attack  Man In The Middle Attack  Denial of Service (DOS) Attack
  10. 10. Usually the attacker does not have access to the reply. e.g. Host C sends an IP datagram with the address of some other host (Host A) as the source address to Host B. Attacked host (B) replies to the legitimate host (A) 1. Blind Spoofing
  11. 11. 2. Non-Blind Spoofing Takes place when the attacker is on the same subnet as the victim. This allows the attacker to sniff packets making the next sequence number available to him.
  12. 12. In these attacks, a malicious party intercepts a legitimate communication between two friendly parties. The malicious host then controls the flow of communication and can eliminate or alter the information sent by one of the original participants without the knowledge of either the original sender or the recipient. If an attacker controls a gateway that is in the delivery route, he can • intercept / block / delay traffic • sniff the traffic • modify traffic 3. Man In The MiddleAttack
  13. 13. 4.Denial of Service Attack •IP spoofing is always used in DOS attacks. •Attackers are concerned with consuming bandwidth and resources by flooding the target with as many packets as possible in a short amount of time.
  14. 14. DoS Attack Server Attacker Legitimate Users Interweb Fake IPs Service Requests Flood of Requests from Attacker Server queue full, legitimate requests get dropped Service Requests IP Spoofing Mechanism
  15. 15. Preventing IP spoofing attacks Filtering at the Router border: • Main idea is to check the Source IP address and validate it. • Look for invalid source IP addresses, and discard it. Use cryptographic network protocols: Transport Layer Security (TLS), Secure Shell (SSH), HTTP Secure (HTTPS) Disable Commands : Prevent from attacks by not using address-based authentication. Disable all the r* commands. Empty out the /etc/hosts.equiv file.
  16. 16. Network Address Translation(NAT) • Nat are used to alter the packet (address) as it passes over the network. • It keeps tracks of the mangled/altered data as it retranslates it when the reply packets are routed back
  17. 17. CONCLUSION  IP Spoofing is an old Hacker trick that continues to evolve.  Will continue to represent a threat as long as each layer continues to trust each other.
  18. 18. Any Questions ?

×