IP SPOOFING : A Hacking Technique. TOPICS. What is TCP/IP TCP\IP protocol architecture What is IP & TCP TCP\IP Protocol working What is IP Spoofing & its working IP Spoofing Examples IP Spoofing Attacks Uses of IP Spoofing Stopping Methods Of Spoofing IP Spoofing is still developing
Client Using Mozilla
Some Web Server
HTTP - GET
TCP – Port 80
IP – 10.24.1.1
MAC – 00:11:22:33:44:55
somebody else's IP address in the header.
machine, when it responds back to the source.
victim’s reply goes back to that address.
To see the return packets, the attacker must intercept them.
Attacker must have an alternate way to spy on traffic/predict responses.
To maintain a connection, Attacker must fulfill the protocol requirements
Attacker normally within a LAN/on the communication path between server and client.
Attacker is not blind, since the he can see traffic from both server and client.
IP spoofing Technique consists of these steps:
A connection attempt is made to a service that only requires address-based authentication (no user id or password).
If a successful connection is made, the attacker executes a simple command to leave a backdoor. This allows for simple re-entries in a non-interactive way for the attacker.
2. Eve can monitor traffic between Alice and Bob without altering the packets or sequence numbers.
1. Eve assumes a man-in-the-middle position through some mechanism. For example, Eve could use Arp Poisoning, social engineering, router hacking etc...
3. At any point, Eve can assume the identity of either Bob or Alice through the Spoofed IP address. This breaks the pseudo connection as Eve will start modifying the sequence numbers
Attacks using IP spoofing includes:
More secure authentication
Good random number generator
Shorten time-out value in TCP/IP requests