Ip spoofing a hacking technique
1 / 21

IP SPOOFING : A Hacking Technique - PowerPoint PPT Presentation

  • Uploaded on
  • Presentation posted in: General

IP SPOOFING : A Hacking Technique. TOPICS. What is TCP/IP TCP\IP protocol architecture What is IP & TCP TCP\IP Protocol working What is IP Spoofing & its working IP Spoofing Examples IP Spoofing Attacks Uses of IP Spoofing Stopping Methods Of Spoofing IP Spoofing is still developing

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

IP SPOOFING : A Hacking Technique

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

IP SPOOFING: A Hacking Technique


  • What is TCP/IP

  • TCP\IP protocol architecture

  • What is IP & TCP

  • TCP\IP Protocol working

  • What is IP Spoofing & its working

  • IP Spoofing Examples

  • IP Spoofing Attacks

  • Uses of IP Spoofing

  • Stopping Methods Of Spoofing

  • IP Spoofing is still developing

  • Conclusion

  • References

What is TCP/IP

  • General use of term “TCP/IP” describes the Architecture upon which the Internet is built.

  • TCP/IP are specific protocols within that architecture.







Data Link


What is IP

  • IP is the Internet protocol used in Internet layer.

  • It does not guarantee delivery or ordering, only it move packets from a source address to a destination address.

  • IP addresses are used to express the source and destination.

  • IP assumes that each address is unique within the network.

What is TCP

  • TCP is the Transmission Control Protocol used in Transport layer.

  • It guarantees delivery and ordering, but depends upon IP to move packets to proper destination.

  • Port numbers are used to express source and destination.

  • Destination Port is assumed to be awaiting packets of data.


Client Using Mozilla

Some Web Server






TCP – Port 80



IP –

Data Link

Data Link

MAC – 00:11:22:33:44:55





  • IP spoofing is the creation of TCP/IP packets with

    somebody else's IP address in the header.

  • Routers use the destination IP address to forward packets, but ignore the source IP address.

  • The source IP address is used only by the destination

    machine, when it responds back to the source.

  • When an attacker spoofs someone’s IP address, the

    victim’s reply goes back to that address.

  • Because the source address is not the same as the attacker’s address, any replies generated by the destination will not be sent to the attacker.

  • Since the attacker does not receive packets back, this is called a one-way attack or blind spoofing.

To see the return packets, the attacker must intercept them.

Attacker must have an alternate way to spy on traffic/predict responses.

To maintain a connection, Attacker must fulfill the protocol requirements

Attacker normally within a LAN/on the communication path between server and client.

Attacker is not blind, since the he can see traffic from both server and client.


IP spoofing Technique consists of these steps:

  • Selecting a target host (the victim).

  • Identifying a host that has a "trust" relationship with the target. This can be accomplished by looking at the traffic of the target host. There cannot be an attack if the target does not trust anyone.

  • The trusted host is then disabled using SYN flooding and the target’s TCP sequence numbers are sampled.

A connection attempt is made to a service that only requires address-based authentication (no user id or password).

If a successful connection is made, the attacker executes a simple command to leave a backdoor. This allows for simple re-entries in a non-interactive way for the attacker.

Establishing a TCP Connection

IP Spoofing Example: A Valid Source IP

IP Spoofing Example: A Spoofed Source IP

Actually what happens?



2. Eve can monitor traffic between Alice and Bob without altering the packets or sequence numbers.

I’m Bob!

I’m Alice!

1. Eve assumes a man-in-the-middle position through some mechanism. For example, Eve could use Arp Poisoning, social engineering, router hacking etc...

3. At any point, Eve can assume the identity of either Bob or Alice through the Spoofed IP address. This breaks the pseudo connection as Eve will start modifying the sequence numbers



Attacks using IP spoofing includes:

  • Man–in-the-middle (MITM): packet sniffs on link between the two endpoints, and therefore can pretend to be one end of the connection.

  • Routing re-direct: redirects routing information from the original host to the attacker’s host (a variation on the man-in the-middle attack).

  • Source routing: The attacker redirects individual packets by the hacker’s host.

  • Smurfing: ICMP packet spoofed to originate from the victim, destined for the broadcast adress, causing all hosts on the network to respond to the victim at once. This congests network bandwidth, floods the victim, and causes a loop at the victim.


  • IP spoofing is most frequently used in denial-of-service attacks.

  • In such attacks, the goal is to flood the victim with large amounts of traffic, and the attacker does not care about receiving responses to his attack packets.

  • Packets with spoofed address are more difficult to filter since each spoofed packet appears to come from a different address, and they hide the true source of the attack.

  • Denial of service attacks that use spoofing typically randomly choose addresses from the entire IP address space

  • This mechanisms might avoid unroutable addresses or unused portions of the IP address space.

  • IP spoofing can also be a method of attack used by network intruders to defeat network security measures, such as authentication based on IP addresses.

  • By spoofing a connection from a trusted machine, an attacker may be able to access the target machine without authenticating.



Disable Ping

More secure authentication

Good random number generator

Shorten time-out value in TCP/IP requests


IP Spoofing is still developing

  • IP spoofing is still possible today, but has to develop in the face of growing security.

  • New techniques includes a method of using IP spoofing to perform remote scans and determine the Sequence number

  • This allows a session Hijack attack even if the Attacker is blind


  • IP Spoofing is an old school Hacker trick that continues to evolve.

  • Can be used for a wide variety of purposes.

  • This will continue to represent a threat as long as each layer continues to trust each other and people are willing to destroy that trust.


  • http://www.google.com

  • http://en.wikipedia.org

  • http://www.securityfocus.com

  • http://www.encyclopedia.com

  • Login