IIT Indore © Neminath Hubballi


1 IP Spoofing Attack
Dr. Neminath Hubballi

2 Outline
- Introduction
- IP address spoofing
- ICMP spoofing
- ARP spoofing
- DNS spoofing
- spoofing
- Defense mechanisms

3 What is Spoofing
- Dictionary.com says: "to communicate electronically under a false identity"
- More conventional definition: hoax or trick (someone)
- Ex. Caller ID spoofing was prevalent in purchase scams
- Required specific equipment to accomplish such spoofing

4 Why Spoofing Works in Networks
- Computer networks are designed around trust relationships
- The design goal was to get it working
- Security was never a concern
- The design was not intended for today's use cases
- We are best at reacting to situations
- Spoofing is possible at almost every layer of the TCP/IP stack

5 IP Address Spoofing
- IP spoofing is the creation of IP packets that carry somebody else's IP address as the source address
- The absence of state information makes the IP protocol vulnerable to spoofing
- The peer is not authenticated

6 Normal Interaction
[Figure: packets exchanged between two hosts, each labelled with Source IP and Destination IP]

7 Interaction Under Spoofing
[Figure: packets exchanged under spoofing, each labelled with Source IP and Destination IP]

8 Interaction Under Spoofing
- When the attacker uses a non-existing IP address as the source address
[Figure: packets labelled with Source IP and Destination IP; the reply is annotated "I have no way forward"]

9 IP Address Spoofing
- By spoofing the address, the attacker conceals their identity
- Makes the packet appear to have come from a different source
- IP address spoofing is used in many cyber attacks
- There are some legitimate use cases
  - Website performance testing
  - NAT

10 Why Spoof IP Address
- For the same reason thieves wear black clothes and a helmet and do their work at night
- The IP address acts as a source of the sender's identity
- Many systems keep logs of your activities
- IP addresses are part of logging

11 Non Blind IP Spoofing
[Figure: Attacker and Target]
- When the attacker is on the same subnet as the victim
- SEQ and ACK can be sniffed

12 Blind IP Spoofing
[Figure: Target and Attacker]
- When the attacker is on a different subnet, perhaps a different network
- SEQ and ACK cannot be sniffed that easily

13 IP Address Spoofing in Reality

14 IP Address Spoofing-Implications
- Many network services use host names or addresses for identification and authentication
- A host wanting a service prepares a message and sends it to the remote service
- The receiver either allows or disallows the service
- Many services are vulnerable to IP spoofing
  - RPC ( )
  - NFS
  - X Window System
  - Any service using the IP address as its authentication method

15 IP Spoofing Derivative Attacks
- Man in the middle attack: Allows sniffing packets in between
- Routing redirect: Send a packet advertising a false better route to reach a destination
- Source routing: Insert attacker host in the list
  - Strict: Packet has to traverse only through the addresses mentioned
  - Loose: In addition to the list mentioned, packet can traverse additional routers
- Smurf attack: Send ICMP packet to a broadcast address with spoofed address
- SYN flooding: Send too many TCP connections with spoofed source address
- Sequence number prediction
- Session hijacking
- Determining the state of firewall
  - Stateful firewalls remember history
- Denial of service

16 How Easy it is to Spoof IP Address
- A little programming is enough!
- Raw socket programming in UNIX
  - You will find examples of raw socket programs here
- WinPcap on Windows
- Several open source tools are available
  - Hping: seems not to be actively maintained now
  - Scapy: does many things, including packet manipulation, capture and spoofing

17 Defenses Against IP Address Spoofing
- No complete solution exists
- Ingress filtering: drop packets coming from outside that carry source IP addresses used inside the network
- Egress filtering: drop any outgoing packet whose source IP address is not in the network
- Avoid trust relationships based on IP address
- Unicast Reverse Path Forwarding: discard IP packets that lack a verifiable IP source address
  - The idea is simple: the reverse path to the source IP address of an incoming packet should use the same interface the packet arrived on
  - Strict: same interface
  - Loose: if any path exists to the source, it is OK
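
The border-filter and Unicast Reverse Path Forwarding checks from this slide, as an added example that is not part of the original presentation. The prefixes, interface names (`lan0`, `wan0`, `wan1`) and the three-entry forwarding table are constructed for illustration.

```python
import ipaddress

# Constructed sample topology (assumption): one internal prefix, two upstreams.
INTERNAL = ipaddress.ip_network("192.0.2.0/24")
FIB = [  # (prefix, interface used to reach it)
    (ipaddress.ip_network("192.0.2.0/24"), "lan0"),
    (ipaddress.ip_network("198.51.100.0/24"), "wan0"),
    (ipaddress.ip_network("203.0.113.0/24"), "wan1"),
]

def best_route(addr):
    """Longest-prefix match; returns the interface, or None if no route."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, ifc) for net, ifc in FIB if ip in net]
    return max(matches)[1] if matches else None

def border_filter(src, in_iface):
    """Ingress/egress filtering at the network edge, keyed on the source IP."""
    inside = ipaddress.ip_address(src) in INTERNAL
    if in_iface.startswith("wan") and inside:
        return "drop: ingress filter (internal source arriving from outside)"
    if in_iface == "lan0" and not inside:
        return "drop: egress filter (source not in our network)"
    return "pass"

def urpf(src, in_iface, mode="strict"):
    """True if the packet passes the reverse-path check."""
    route = best_route(src)
    if route is None:          # no path back to the source at all
        return False
    if mode == "strict":       # reverse path must use the arrival interface
        return route == in_iface
    return True                # loose: any route to the source is enough

if __name__ == "__main__":
    samples = [  # constructed (source IP, arrival interface) pairs
        ("192.0.2.10", "wan0"), ("203.0.113.5", "lan0"),
        ("198.51.100.7", "wan1"), ("10.9.9.9", "wan0"),
    ]
    for src, ifc in samples:
        print(f"{src:>14} on {ifc}: {border_filter(src, ifc)}; "
              f"strict={urpf(src, ifc)} loose={urpf(src, ifc, 'loose')}")
```

The third sample shows the trade-off between the modes: a genuine packet that arrives over an asymmetric path fails the strict check but passes the loose one.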

18 Defenses Against IP Address Spoofing
- Anti-spoofing with IP Source Guard
  - Layer 2 security feature
  - Restricts IP traffic on untrusted layer 2 ports so that a host cannot send with an IP address other than the one assigned by DHCP or static assignment
- Encryption and authentication: IPSec may be an answer
- Make ISN prediction difficult by using a perfect random number generator
  - RFC 1948 recommends that the ISN be a function of Source IP, Destination IP, Source Port, Destination Port and a secret key
- TCP receiver window based prediction
  - Set the window size to small
- Traceroute
  - Measure TTL values
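
The RFC 1948 construction named on this slide, ISN = M + F(source IP, source port, destination IP, destination port, secret), as an added example that is not part of the original presentation. HMAC-SHA256 is used for F here in place of the MD5 hash that RFC 1948 suggested, and the secret and addresses are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import struct

MASK32 = 0xFFFFFFFF

def timer_m(now_seconds):
    """M: a 32-bit clock that ticks once every 4 microseconds."""
    return int(now_seconds * 250_000) & MASK32

def offset_f(secret, src_ip, src_port, dst_ip, dst_port):
    """F: keyed hash of the connection 4-tuple, truncated to 32 bits."""
    msg = (ipaddress.ip_address(src_ip).packed + struct.pack("!H", src_port)
           + ipaddress.ip_address(dst_ip).packed + struct.pack("!H", dst_port))
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]

def isn(secret, src_ip, src_port, dst_ip, dst_port, now_seconds):
    """Initial sequence number for one connection at a given time."""
    f = offset_f(secret, src_ip, src_port, dst_ip, dst_port)
    return (timer_m(now_seconds) + f) & MASK32

if __name__ == "__main__":
    # Constructed demo secret; a real stack would draw it from a CSPRNG at boot.
    secret = b"constructed-demo-secret"
    t = 1000.0
    own = ("198.51.100.7", 40000, "192.0.2.10", 80)     # observer's connection
    other = ("203.0.113.5", 40000, "192.0.2.10", 80)    # someone else's
    print("own ISN   now:", isn(secret, *own, t))
    print("own ISN +0.5s:", isn(secret, *own, t + 0.5))  # advances with M only
    print("other ISN now:", isn(secret, *other, t))      # unrelated offset
```

Within one 4-tuple the ISN still advances with the clock, which keeps old duplicate segments distinguishable, while the offset between two different 4-tuples depends on the secret and cannot be derived from sequence numbers observed on one's own connection.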

