Ip spoofing a hacking technique
This presentation is the property of its rightful owner.
Sponsored Links
1 / 21

IP SPOOFING : A Hacking Technique PowerPoint PPT Presentation


  • 182 Views
  • Uploaded on
  • Presentation posted in: General

IP SPOOFING : A Hacking Technique. TOPICS. What is TCP/IP TCP\IP protocol architecture What is IP & TCP TCP\IP Protocol working What is IP Spoofing & its working IP Spoofing Examples IP Spoofing Attacks Uses of IP Spoofing Stopping Methods Of Spoofing IP Spoofing is still developing

Download Presentation

IP SPOOFING : A Hacking Technique

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Ip spoofing a hacking technique

IP SPOOFING: A Hacking Technique


Topics

TOPICS

  • What is TCP/IP

  • TCP\IP protocol architecture

  • What is IP & TCP

  • TCP\IP Protocol working

  • What is IP Spoofing & its working

  • IP Spoofing Examples

  • IP Spoofing Attacks

  • Uses of IP Spoofing

  • Stopping Methods Of Spoofing

  • IP Spoofing is still developing

  • Conclusion

  • References


What is tcp ip

What is TCP/IP

  • General use of term “TCP/IP” describes the Architecture upon which the Internet is built.

  • TCP/IP are specific protocols within that architecture.


Tcp ip protocol architecture

TCP/IP PROTOCOL ARCHITECTURE

Application

Transport

TCP

Internet

IP

Data Link

Physical


What is ip

What is IP

  • IP is the Internet protocol used in Internet layer.

  • It does not guarantee delivery or ordering, only it move packets from a source address to a destination address.

  • IP addresses are used to express the source and destination.

  • IP assumes that each address is unique within the network.


What is tcp

What is TCP

  • TCP is the Transmission Control Protocol used in Transport layer.

  • It guarantees delivery and ordering, but depends upon IP to move packets to proper destination.

  • Port numbers are used to express source and destination.

  • Destination Port is assumed to be awaiting packets of data.


Tcp ip protocol working

TCP/IP PROTOCOL WORKING

Client Using Mozilla

Some Web Server

HTTP - GET

Application

Application

Transport

Transport

TCP – Port 80

Internet

Internet

IP – 10.24.1.1

Data Link

Data Link

MAC – 00:11:22:33:44:55

Physical

Physical

1101001001110100110100110101


What is ip spoofing

What is IP SPOOFING

  • IP spoofing is the creation of TCP/IP packets with

    somebody else's IP address in the header.

  • Routers use the destination IP address to forward packets, but ignore the source IP address.

  • The source IP address is used only by the destination

    machine, when it responds back to the source.

  • When an attacker spoofs someone’s IP address, the

    victim’s reply goes back to that address.

  • Because the source address is not the same as the attacker’s address, any replies generated by the destination will not be sent to the attacker.

  • Since the attacker does not receive packets back, this is called a one-way attack or blind spoofing.


Ip spoofing a hacking technique

To see the return packets, the attacker must intercept them.

Attacker must have an alternate way to spy on traffic/predict responses.

To maintain a connection, Attacker must fulfill the protocol requirements

Attacker normally within a LAN/on the communication path between server and client.

Attacker is not blind, since the he can see traffic from both server and client.


Steps for spoofing ip

Steps for SPOOFING IP

IP spoofing Technique consists of these steps:

  • Selecting a target host (the victim).

  • Identifying a host that has a "trust" relationship with the target. This can be accomplished by looking at the traffic of the target host. There cannot be an attack if the target does not trust anyone.

  • The trusted host is then disabled using SYN flooding and the target’s TCP sequence numbers are sampled.


Ip spoofing a hacking technique

A connection attempt is made to a service that only requires address-based authentication (no user id or password).

If a successful connection is made, the attacker executes a simple command to leave a backdoor. This allows for simple re-entries in a non-interactive way for the attacker.


Establishing a tcp connection

Establishing a TCP Connection


Ip spoofing example a valid source ip

IP Spoofing Example: A Valid Source IP


Ip spoofing example a spoofed source ip

IP Spoofing Example: A Spoofed Source IP


Actually what happens

Actually what happens?

Alice

Bob

2. Eve can monitor traffic between Alice and Bob without altering the packets or sequence numbers.

I’m Bob!

I’m Alice!

1. Eve assumes a man-in-the-middle position through some mechanism. For example, Eve could use Arp Poisoning, social engineering, router hacking etc...

3. At any point, Eve can assume the identity of either Bob or Alice through the Spoofed IP address. This breaks the pseudo connection as Eve will start modifying the sequence numbers

Eve


Ip spoofing attacks

IP SPOOFING ATTACKS

Attacks using IP spoofing includes:

  • Man–in-the-middle (MITM): packet sniffs on link between the two endpoints, and therefore can pretend to be one end of the connection.

  • Routing re-direct: redirects routing information from the original host to the attacker’s host (a variation on the man-in the-middle attack).

  • Source routing: The attacker redirects individual packets by the hacker’s host.

  • Smurfing: ICMP packet spoofed to originate from the victim, destined for the broadcast adress, causing all hosts on the network to respond to the victim at once. This congests network bandwidth, floods the victim, and causes a loop at the victim.


Uses of spoofing

USES OF SPOOFING

  • IP spoofing is most frequently used in denial-of-service attacks.

  • In such attacks, the goal is to flood the victim with large amounts of traffic, and the attacker does not care about receiving responses to his attack packets.

  • Packets with spoofed address are more difficult to filter since each spoofed packet appears to come from a different address, and they hide the true source of the attack.

  • Denial of service attacks that use spoofing typically randomly choose addresses from the entire IP address space

  • This mechanisms might avoid unroutable addresses or unused portions of the IP address space.

  • IP spoofing can also be a method of attack used by network intruders to defeat network security measures, such as authentication based on IP addresses.

  • By spoofing a connection from a trusted machine, an attacker may be able to access the target machine without authenticating.


Stopping of spoofing attacks

STOPPING OF SPOOFING ATTACKS

Encryption

Disable Ping

More secure authentication

Good random number generator

Shorten time-out value in TCP/IP requests

Firewall


Ip spoofing is still developing

IP Spoofing is still developing

  • IP spoofing is still possible today, but has to develop in the face of growing security.

  • New techniques includes a method of using IP spoofing to perform remote scans and determine the Sequence number

  • This allows a session Hijack attack even if the Attacker is blind


Conclusion

CONCLUSION

  • IP Spoofing is an old school Hacker trick that continues to evolve.

  • Can be used for a wide variety of purposes.

  • This will continue to represent a threat as long as each layer continues to trust each other and people are willing to destroy that trust.


References

REFERENCES

  • http://www.google.com

  • http://en.wikipedia.org

  • http://www.securityfocus.com

  • http://www.encyclopedia.com


  • Login