Spoofing - PowerPoint PPT Presentation

Presentation Transcript

  1. Spoofing Keegan Haukaas, Samuel Robertson, Jack Murdock

  2. Overview • Email Spoofing • IP Spoofing • Web Spoofing

  3. Email Spoofing • Pretending to send an email from someone else

  4. Reasons for Email Spoofing • Hide Identity • Impersonate Company or Authority

  5. How to Spoof an Email • SMTP functions • Insert commands in headers

  6. Examples • Posing as a Bank • Posing as Facebook • Posing as Relative

  7. Mitigating Email Spoofing • Look at address • Read through message • Check links against legitimate site

  8. Reporting Email Spoofing • Legitimate Company/Person • Federal Trade Commission spam@uce.gov

  9. IP Spoofing • IP spoofing is when the IP source address is changed in the packet header • Legitimate uses of IP Spoofing: Website Testing • Illegitimate uses of IP Spoofing • DoS • Gain entry to System

  10. IP Spoofing (cont.) • Nmap • ipconfig /all • nmap --iflist • nmap -e eth7 -S 10.154.14.138 10.25.17.45 • Defense against IP Spoofing • Packet Filtering • DO NOT rely only on IP address to gain access

  11. Web Spoofing • General techniques: • Similar URL • Copy Site design/code • “Malvertising”

  12. Similar URL • Mistyping • Favebook vs Facebook • Alternate Top-Level Domains • Whitehouse.gov vs Whitehouse.com • Countermeasures: • Purchase the alternate domain, check spelling, check security certificate

  13. Design Hijacking • Copies all (or all accessible) HTML, CSS, JavaScript, etc. • Incorporates design into new site • Most likely also uses a spoofed/similar URL • Check for Security Certificate/HTTPS • Websites need to be verified in some way to be granted a certificate • Countermeasures: • Code obfuscation, closed-source, HTTPS, etc.

  14. Malvertising • Stands for Malicious Advertising • Exploits ads in sites • Attacker puts up “clean” ads, gains reputation • Then injects malicious code into advertisements • “Drive-by” style attacks, or click activation • Attacker hacks site, injects code into banner ads • Countermeasures: • Install AdBlock, don’t click on ads, avoid sites with intrusive/pop-up ads, check site’s reputation

  15. Summary • Email Spoofing • IP Spoofing • Web Spoofing

  16. Q & A
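
The "check spelling" and alternate-TLD countermeasures from slide 12 can be automated on the defender's side. The following is an added example, not part of the original slides: it classifies a hostname against an allow-list of legitimate domains, flagging one-character typos and same-name/different-TLD registrations. `KNOWN_GOOD`, the function names and the sample hostnames are assumptions made for illustration, and the last-two-labels split ignores multi-part suffixes such as `co.uk`.

```python
# Added example: flag lookalike hostnames against a list of legitimate domains.
# KNOWN_GOOD and every sample hostname below are constructed for illustration.
KNOWN_GOOD = ["facebook.com", "whitehouse.gov"]


def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance (edits plus adjacent swaps)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "faecbook" for "facebook".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def registered(host: str):
    """Return (name, tld) from the last two labels; no public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return (labels[-2], labels[-1]) if len(labels) >= 2 else (labels[0], "")


def classify(host: str, max_typos: int = 1):
    """Return (verdict, matched_legitimate_domain) for one hostname."""
    name, tld = registered(host)
    for good in KNOWN_GOOD:  # exact matches win before any fuzzy check
        if registered(good) == (name, tld):
            return ("legitimate", good)
    for good in KNOWN_GOOD:
        g_name, _ = registered(good)
        if name == g_name:  # same name, different top-level domain
            return ("alternate-tld", good)
        if 0 < edit_distance(name, g_name) <= max_typos:
            return ("typo", good)
    return ("unknown", None)


if __name__ == "__main__":
    for h in ["www.facebook.com", "favebook.com", "whitehouse.com"]:
        print(h, classify(h))
```

A check like this fits a mail gateway or proxy log review; it does not replace verifying the site's certificate, which the slides also list.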