IIT Indore © Neminath Hubballi

Presentation transcript:

IP Spoofing Attack
Dr. Neminath Hubballi

Outline
- Introduction
- IP address spoofing
- ICMP spoofing
- ARP spoofing
- DNS spoofing
- Email spoofing
- Defense mechanisms

What is Spoofing
- Dictionary.com says: “to communicate electronically under a false identity”
- More conventional definition: hoax or trick (someone)
- Ex. Caller ID spoofing was prevalent in purchase scams
  - Required specific equipment to accomplish such spoofing

Why Spoofing Works in Networks
- Computer networks are designed with trust relationships
- The design goal was to get it working
- Security was never a concern
- The design was not intended for today’s use cases
- We are best at reacting to situations
- Spoofing is possible in almost every layer of the TCP/IP stack

IP Address Spoofing
- IP spoofing is the creation of IP packets using somebody else’s IP address as the source address of an IP packet
- Absence of state information makes the IP protocol vulnerable to spoofing
- The peer is not authenticated

Normal Interaction
- Packet header: Source IP 200.1.1.1, Destination IP 100.1.1.1
- Packet header: Source IP 100.1.1.1, Destination IP 200.1.1.1
- Hosts in the figure: 200.1.1.1 and 100.1.1.1

Interaction Under Spoofing
- Packet header: Source IP 150.1.1.1, Destination IP 100.1.1.1
- Packet header: Source IP 100.1.1.1, Destination IP 150.1.1.1
- Hosts in the figure: 200.1.1.1, 100.1.1.1 and 150.1.1.1

Interaction Under Spoofing
- When the attacker uses a non-existing IP address as source address
- Packet header: Source IP 150.1.1.2, Destination IP 100.1.1.1
- Packet header: Source IP 100.1.1.1, Destination IP 150.1.1.2
- Hosts in the figure: 200.1.1.1 and 100.1.1.1
- Figure caption on the returned packet: “I have no way forward”

IP Address Spoofing
- By spoofing the address, the attacker conceals identity
- Makes it appear that the packet has come from a different source
- IP address spoofing is used in many cyber attacks
- There are some legitimate use cases
  - Website performance testing
  - NAT

Why Spoof IP Address
- For the same reason thieves wear black dress and a helmet and do their work at night
- The IP address acts as a source of the sender’s identity
- Many systems keep logs of your activities
- IP addresses are part of logging

Non Blind IP Spoofing
- Figure: attacker and target among hosts 10.0.0.2, 10.0.0.1, 10.0.0.3, 10.0.0.4, 10.0.0.7, 10.0.0.15, 10.0.0.6
- When the attacker is on the same subnet as the victim
- SEQ and ACK can be sniffed

Blind IP Spoofing
- Figure: target and attacker
- When the attacker is on a different subnet, perhaps on different networks
- SEQ and ACK cannot be sniffed that easily

IP Address Spoofing in Reality

IP Address Spoofing-Implications
- Many network services use host names or addresses for identification and authentication
- A host wanting service prepares a message and sends it to a remote service. The receiver either allows or disallows the service
- Many services are vulnerable to IP spoofing
  - RPC (http://seclists.org/bugtraq/1995/Jan/182)
  - NFS
  - X window system
  - Any service using IP address as authentication method

IP Spoofing Derivative Attacks
- Man in the middle attack: allows sniffing packets in between
- Routing redirect: send a packet advertising a false better route to reach a destination
- Source routing: insert attacker host in the list
  - Strict: packet has to traverse only through the addresses mentioned
  - Loose: in addition to the list mentioned, packet can traverse additional routers
- Smurf attack: send ICMP packet to a broadcast address with spoofed address
- SYN flooding: send too many TCP connections with spoofed source address
- Sequence number prediction
- Session hijacking
- Determining the state of firewall
  - Stateful firewalls remember history
- Denial of service

How Easy it is to Spoof IP Address
- Little programming is enough!
- Raw socket programming in UNIX
  - You will find examples of raw socket programs here: http://www.pdbuchan.com/rawsock/rawsock.html
- WinPcap in Windows
- Several open source tools are available
  - Hping: seems not actively maintained now
  - Scapy: it does many things (packet manipulation, capture, spoofing, etc.)

Defenses Against IP Address Spoofing
- No complete solution exists
- Ingress filtering: drop packets coming from outside with source IP addresses used inside the network
- Egress filtering: any packet having a source IP address not in the network is dropped
- Avoiding trust relationships based on IP address
- Unicast Reverse Path Forwarding: discard IP packets that lack a verifiable IP source address
  - The idea is simple: the reverse path to the source IP address of an incoming packet should use the same interface
  - Strict: same interface
  - Loose: if any path exists to the source, it is OK
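The filtering decisions listed on this slide, as an added example that is not part of the original slides: a border router model that applies ingress filtering, egress filtering and strict or loose uRPF to packets using the addresses from the earlier figures. The interface names, the routing table and the sample packets are constructed assumptions.

```python
import ipaddress

INSIDE = ipaddress.ip_network("100.1.1.0/24")  # protected network (slide addressing)
# Constructed routing table of a border router: prefix -> interface, no default route.
ROUTES = {
    ipaddress.ip_network("100.1.1.0/24"): "inside0",
    ipaddress.ip_network("200.1.1.0/24"): "outside0",
    ipaddress.ip_network("150.1.1.0/24"): "outside1",
}

def route_iface(src):
    """Longest-prefix match on the source address; None when no route exists."""
    addr = ipaddress.ip_address(src)
    hits = [net for net in ROUTES if addr in net]
    return ROUTES[max(hits, key=lambda n: n.prefixlen)] if hits else None

def ingress_ok(src, in_iface):
    """Packets arriving from outside must not claim an inside source address."""
    return in_iface == "inside0" or ipaddress.ip_address(src) not in INSIDE

def egress_ok(src, in_iface):
    """Packets leaving the inside network must carry an inside source address."""
    return in_iface != "inside0" or ipaddress.ip_address(src) in INSIDE

def urpf_ok(src, in_iface, mode="strict"):
    """Strict: reverse route must use the arrival interface. Loose: any route will do."""
    iface = route_iface(src)
    if iface is None:
        return False
    return mode == "loose" or iface == in_iface

def verdict(src, in_iface, mode="strict"):
    """Apply the three checks in order and name the first one that drops the packet."""
    if not ingress_ok(src, in_iface):
        return "drop: ingress filter"
    if not egress_ok(src, in_iface):
        return "drop: egress filter"
    if not urpf_ok(src, in_iface, mode):
        return f"drop: uRPF {mode}"
    return "forward"

if __name__ == "__main__":
    # Constructed packets: (claimed source IP, arrival interface)
    for src, iface in [("200.1.1.1", "outside0"), ("150.1.1.1", "outside0"),
                       ("100.1.1.7", "outside0"), ("150.1.1.1", "inside0"),
                       ("10.9.9.9", "outside0")]:
        print(src, iface, verdict(src, iface), "|", verdict(src, iface, "loose"))
```

The packet claiming 150.1.1.1 but arriving on the interface that leads to 200.1.1.0/24 is the spoofed case from the figure: strict mode drops it, loose mode forwards it because a route to that source exists somewhere.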

Defenses Against IP Address Spoofing
- Anti-spoofing with IP Source Guard
  - Layer 2 security feature
  - Restricts IP traffic on untrusted layer 2 ports: traffic with an IP address other than the one assigned by DHCP or static assignment is not allowed
- Encryption and authentication: IPSec may be an answer
- Make ISN prediction difficult by having perfect random number generation
  - RFC 1948 recommends the ISN to be a function of source IP, destination IP, source port, destination port and a secret key
- TCP receiver window based prediction
  - Set the window size to small
- Traceroute
  - Measure TTL values
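The RFC 1948 construction mentioned on this slide (ISN = M + F(connection 4-tuple, secret key), with M a 4-microsecond clock), as an added example that is not part of the original slides, shown beside a clock-only generator for contrast. HMAC-SHA256 truncated to 32 bits stands in for the hash F (RFC 1948 itself suggests MD5), and the function names and the fixed demo key are assumptions.

```python
import hashlib
import hmac
import ipaddress
import struct

MASK32 = 0xFFFFFFFF

def clock_4us(now_seconds):
    """M in RFC 1948: a 32-bit counter that ticks every 4 microseconds."""
    return int(now_seconds * 1_000_000) // 4 & MASK32

def four_tuple(src_ip, src_port, dst_ip, dst_port):
    """Canonical byte encoding of the connection identifier."""
    return (ipaddress.ip_address(src_ip).packed + struct.pack("!H", src_port)
            + ipaddress.ip_address(dst_ip).packed + struct.pack("!H", dst_port))

def clock_only_isn(now_seconds, *_conn):
    """Weak baseline: every connection shares one global sequence space."""
    return clock_4us(now_seconds)

def rfc1948_isn(now_seconds, secret, src_ip, src_port, dst_ip, dst_port):
    """ISN = M + F(4-tuple, secret); F is HMAC-SHA256 cut to 32 bits (assumption)."""
    digest = hmac.new(secret, four_tuple(src_ip, src_port, dst_ip, dst_port),
                      hashlib.sha256).digest()
    offset = int.from_bytes(digest[:4], "big")
    return (clock_4us(now_seconds) + offset) & MASK32

if __name__ == "__main__":
    secret = bytes(range(16))  # constructed key; a real stack draws it from a CSPRNG
    conn_a = ("200.1.1.1", 40000, "100.1.1.1", 80)  # constructed connections
    conn_b = ("150.1.1.1", 40000, "100.1.1.1", 80)
    t = 100.0
    # Clock-only: a host that sees its own ISN knows every other connection's ISN.
    print("clock only:", clock_only_isn(t, *conn_a), clock_only_isn(t, *conn_b))
    # RFC 1948: each 4-tuple has its own keyed offset, so one ISN reveals nothing
    # about another connection, while a single connection still sees a rising clock.
    print("rfc1948   :", rfc1948_isn(t, secret, *conn_a), rfc1948_isn(t, secret, *conn_b))
```

Within one 4-tuple the ISN still advances with the clock, which keeps old duplicate segments out of new incarnations of the same connection; only the per-connection offset depends on the secret.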