2. Precap…
What is spoofing
Types of spoofing
IP spoofing
IP spoofing attacks
Prevention of IP spoofing
IP spoofing applications
Reference
3. Spoofing
It is a situation in which one person or program successfully masquerades
as another by falsifying information/data and thereby gaining an
illegitimate advantage.
4. Types of spoofing
• IP spoofing: Attacker uses the IP address of another computer to acquire information or gain access from another network.
• Email spoofing: Attacker sends email but makes it appear to come from someone else (reliable email).
• Web spoofing: Attacker tricks a web browser into communicating with a different web server than the user intended.
5. IP Spoofing
A technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.
[Diagram labels: Intruder, A, trusted host B, C]
6. IP Datagram
• The job of IP is to route and send a packet to the packet's destination.
• IP provides no guarantee for the packets it tries to deliver.
• IP is the internet layer protocol.
 0                               16                              31
| Version | IHL | Type of Service | Total Length                  |
| Identification                  | Flags | Fragment Offset       |
| Time to Live  | Protocol        | Header Checksum               |
| Source Address                                                  |
| Destination Address                                             |
| Options and Padding                                             |
7. TCP Header
 0                               16                              31
| Source Port                     | Destination Port              |
| Sequence Number                                                 |
| Acknowledgement Number                                          |
| Data Offset | Reserved | Flags  | Window                        |
| Checksum                        | Urgent Pointer                |
| Options and Padding                                             |
TCP provides reliable and guaranteed delivery of packets.
8. IP Spoofing Mechanism
Attacker selects a host (target/victim)
Attacker identifies a host that has a trust relationship with the target
Trusted host is impersonated (TCP sequence number copied)
Attacker successfully connects to the server
Attacker executes commands and controls the system
9. Types of IP spoofing Attacks
Blind Spoofing Attack
Non-Blind Spoofing Attack
Man In The Middle Attack
Denial of Service (DoS) Attack
10. 1. Blind Spoofing
Usually the attacker does not have access to the reply.
e.g. Host C sends an IP datagram to Host B with the address of some other host (Host A) as the source address. The attacked host (B) replies to the legitimate host (A).
11. 2. Non-Blind Spoofing
Takes place when the attacker is on the same subnet as the victim. This allows the attacker to sniff packets, making the next sequence number available to him.
12. 3. Man In The Middle Attack
In these attacks, a malicious party intercepts a legitimate communication between two friendly parties. The malicious host then controls the flow of communication and can eliminate or alter the information sent by one of the original participants without the knowledge of either the original sender or the recipient.
If an attacker controls a gateway that is in the delivery route, he can
• intercept / block / delay traffic
• sniff the traffic
• modify traffic
13. 4. Denial of Service Attack
• IP spoofing is always used in DoS attacks.
• Attackers are concerned with consuming bandwidth and resources by flooding the target with as many packets as possible in a short amount of time.
14. DoS Attack
[Figure: DoS attack. Labels: Attacker, Fake IPs, Flood of Requests from Attacker, Interweb, Server, Legitimate Users, Service Requests. Caption: Server queue full, legitimate requests get dropped.]
15. Preventing IP spoofing attacks
Filtering at the Router border:
• Main idea is to check the Source IP address and validate it.
• Look for invalid source IP addresses, and discard those packets.
Use cryptographic network protocols:
Transport Layer Security (TLS), Secure Shell (SSH), HTTP Secure (HTTPS)
Disable Commands:
Prevent attacks by not using address-based authentication.
Disable all the r* commands.
Empty out the /etc/hosts.equiv file.
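The border-filtering check described on this slide, written out as an added example (not part of the original slides): the Source Address field of the IP header is read and tested against the site's own prefix and a list of reserved ranges, for traffic in both directions. The prefix 203.0.113.0/24, the reserved-range list and all function names are assumptions chosen for illustration.

```python
import ipaddress
import struct

# Assumed site prefix (a documentation range, constructed for this example).
INTERNAL = ipaddress.ip_network("203.0.113.0/24")
# Assumed list of reserved ranges that are invalid as a source on the Internet.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

def source_address(packet: bytes) -> ipaddress.IPv4Address:
    """Read the Source Address field (bytes 12-15) of an IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return ipaddress.IPv4Address(packet[12:16])

def border_verdict(packet: bytes, direction: str) -> str:
    """Return 'accept' or 'drop' for a packet crossing the border router.

    direction is 'in' (Internet -> site) or 'out' (site -> Internet).
    """
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    try:
        src = source_address(packet)
    except ValueError:
        return "drop"  # malformed or non-IPv4 header
    if direction == "in":
        # Ingress: a packet from outside cannot honestly carry an inside
        # or reserved source address.
        if src in INTERNAL or any(src in net for net in BOGONS):
            return "drop"
        return "accept"
    # Egress: only the site's own prefix may leave as a source address.
    return "accept" if src in INTERNAL else "drop"

def sample_header(src: str, dst: str) -> bytes:
    """Constructed 20-byte IPv4 header used as test input (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

if __name__ == "__main__":
    for src, direction in (("203.0.113.7", "in"), ("192.168.1.5", "in"),
                           ("198.51.100.9", "in"), ("203.0.113.7", "out"),
                           ("198.51.100.9", "out")):
        pkt = sample_header(src, "203.0.113.10")
        print(f"{direction:>3} src={src:<14} {border_verdict(pkt, direction)}")
```

The egress rule matters as much as the ingress rule: it keeps hosts inside the site from sending packets with someone else's address as the source.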
16. Network Address Translation (NAT)
• NAT is used to alter the packet (address) as it passes over the network.
• It keeps track of the mangled/altered data, as it retranslates it when the reply packets are routed back.
17. CONCLUSION
IP spoofing is an old hacker trick that continues to evolve.
It will continue to represent a threat as long as each layer continues to trust each other.