
IP SPOOFING : A Hacking Technique


paloma

Presentation Transcript


  1. IP SPOOFING: A Hacking Technique

  2. TOPICS
     • What is TCP/IP
     • TCP/IP protocol architecture
     • What is IP & TCP
     • TCP/IP Protocol working
     • What is IP Spoofing & its working
     • IP Spoofing Examples
     • IP Spoofing Attacks
     • Uses of IP Spoofing
     • Stopping Methods Of Spoofing
     • IP Spoofing is still developing
     • Conclusion
     • References

  3. What is TCP/IP
     • In general use, the term “TCP/IP” describes the architecture upon which the Internet is built.
     • TCP and IP are specific protocols within that architecture.

  4. TCP/IP PROTOCOL ARCHITECTURE
     • Application
     • Transport: TCP
     • Internet: IP
     • Data Link
     • Physical

  5. What is IP
     • IP is the Internet Protocol, used in the Internet layer.
     • It does not guarantee delivery or ordering; it only moves packets from a source address to a destination address.
     • IP addresses are used to express the source and destination.
     • IP assumes that each address is unique within the network.

  6. What is TCP
     • TCP is the Transmission Control Protocol, used in the Transport layer.
     • It guarantees delivery and ordering, but depends upon IP to move packets to the proper destination.
     • Port numbers are used to express source and destination.
     • The destination port is assumed to be awaiting packets of data.

  7. TCP/IP PROTOCOL WORKING
     Client (using Mozilla) to some web server; both sides run the same stack:
     • Application: HTTP GET
     • Transport: TCP, port 80
     • Internet: IP, 10.24.1.1
     • Data Link: MAC, 00:11:22:33:44:55
     • Physical: 1101001001110100110100110101

  8. What is IP SPOOFING
     • IP spoofing is the creation of TCP/IP packets with somebody else's IP address in the header.
     • Routers use the destination IP address to forward packets, but ignore the source IP address.
     • The source IP address is used only by the destination machine, when it responds back to the source.
     • When an attacker spoofs someone’s IP address, the victim’s reply goes back to that address.
     • Because the source address is not the same as the attacker’s address, any replies generated by the destination will not be sent to the attacker.
     • Since the attacker does not receive packets back, this is called a one-way attack or blind spoofing.

  9. • To see the return packets, the attacker must intercept them.
     • The attacker must have an alternate way to spy on traffic or predict responses.
     • To maintain a connection, the attacker must fulfill the protocol requirements.
     • The attacker is normally within a LAN or on the communication path between server and client.
     • The attacker is not blind, since he can see traffic from both server and client.

  10. Steps for SPOOFING IP
     The IP spoofing technique consists of these steps:
     • Selecting a target host (the victim).
     • Identifying a host that has a "trust" relationship with the target. This can be accomplished by looking at the traffic of the target host. There cannot be an attack if the target does not trust anyone.
     • The trusted host is then disabled using SYN flooding, and the target’s TCP sequence numbers are sampled.

  11. • A connection attempt is made to a service that only requires address-based authentication (no user id or password).
     • If a successful connection is made, the attacker executes a simple command to leave a backdoor.
     • This allows for simple re-entries in a non-interactive way for the attacker.
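
The sequence-number sampling in slide 10 only pays off when the target's initial sequence numbers (ISNs) follow a pattern. The sketch below is an added example, not part of the original slides: it compares a fixed-step counter with a keyed per-connection generator in the RFC 6528 structure. The class names, the step size, the addresses and the use of HMAC-SHA256 as the hash are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

MASK = 0xFFFFFFFF  # TCP sequence numbers are 32-bit

class CounterISN:
    """Weak: one global counter bumped by a fixed step per connection."""
    def __init__(self, start=1000, step=64000):
        self.value, self.step = start, step

    def next_isn(self, four_tuple, clock):
        self.value = (self.value + self.step) & MASK
        return self.value

class KeyedISN:
    """ISN = M + F(4-tuple, secret), the RFC 6528 structure.
    HMAC-SHA256 stands in for F here (a choice made for this example)."""
    def __init__(self, secret=None):
        self.secret = secret or os.urandom(32)

    def next_isn(self, four_tuple, clock):
        src, sport, dst, dport = four_tuple
        msg = (ipaddress.ip_address(src).packed + struct.pack("!H", sport) +
               ipaddress.ip_address(dst).packed + struct.pack("!H", dport))
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return (clock + int.from_bytes(digest[:4], "big")) & MASK

def predictable_from_samples(gen):
    """Sample two ISNs as one client, extrapolate linearly, and report whether
    the guess matches the ISN issued to a different (trusted) client."""
    probe = ("198.51.100.7", 40000, "192.0.2.10", 80)    # constructed addresses
    trusted = ("192.0.2.20", 1023, "192.0.2.10", 80)     # constructed addresses
    a = gen.next_isn(probe, clock=100)
    b = gen.next_isn(probe, clock=200)
    issued = gen.next_isn(trusted, clock=300)
    guess = (b + (b - a)) & MASK
    return guess == issued

if __name__ == "__main__":
    print("counter generator predictable:", predictable_from_samples(CounterISN()))
    print("keyed generator predictable:  ", predictable_from_samples(KeyedISN()))
```

With the keyed generator, ISNs seen on one connection reveal nothing about the offset used for another address pair, which is what the "good random number generator" countermeasure in slide 18 is after.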

  12. Establishing a TCP Connection

  13. IP Spoofing Example: A Valid Source IP

  14. IP Spoofing Example: A Spoofed Source IP

  15. Actually what happens?
     (Diagram labels: Alice, Bob, Eve; captions “I’m Bob!” and “I’m Alice!”)
     1. Eve assumes a man-in-the-middle position through some mechanism. For example, Eve could use ARP poisoning, social engineering, router hacking, etc.
     2. Eve can monitor traffic between Alice and Bob without altering the packets or sequence numbers.
     3. At any point, Eve can assume the identity of either Bob or Alice through the spoofed IP address. This breaks the pseudo connection, as Eve will start modifying the sequence numbers.

  16. IP SPOOFING ATTACKS
     Attacks using IP spoofing include:
     • Man-in-the-middle (MITM): the attacker sniffs packets on the link between the two endpoints, and can therefore pretend to be one end of the connection.
     • Routing re-direct: redirects routing information from the original host to the attacker’s host (a variation on the man-in-the-middle attack).
     • Source routing: the attacker redirects individual packets by way of the hacker’s host.
     • Smurfing: an ICMP packet is spoofed to originate from the victim and destined for the broadcast address, causing all hosts on the network to respond to the victim at once. This congests network bandwidth, floods the victim, and causes a loop at the victim.

  17. USES OF SPOOFING
     • IP spoofing is most frequently used in denial-of-service attacks.
     • In such attacks, the goal is to flood the victim with large amounts of traffic, and the attacker does not care about receiving responses to his attack packets.
     • Packets with spoofed addresses are more difficult to filter, since each spoofed packet appears to come from a different address, and they hide the true source of the attack.
     • Denial-of-service attacks that use spoofing typically choose addresses at random from the entire IP address space.
     • This mechanism might avoid unroutable addresses or unused portions of the IP address space.
     • IP spoofing can also be a method of attack used by network intruders to defeat network security measures, such as authentication based on IP addresses.
     • By spoofing a connection from a trusted machine, an attacker may be able to access the target machine without authenticating.

  18. STOPPING OF SPOOFING ATTACKS
     • Encryption
     • Disable Ping
     • More secure authentication
     • Good random number generator
     • Shorten time-out value in TCP/IP requests
     • Firewall
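
Slide 8 notes that routers forward on the destination address and ignore the source. A firewall at the site boundary can add the missing source check. The following is an added sketch, not taken from the slides: the interface names, the internal prefix `10.24.0.0/16` and the sample packets are assumptions chosen for illustration.

```python
import ipaddress

# Assumed site layout (hypothetical): one internal prefix behind the firewall.
INTERNAL_NETS = [ipaddress.ip_network("10.24.0.0/16")]

# Source ranges that should never arrive from the Internet side.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

def check_source(iface, src):
    """Return (verdict, reason) for a packet seen on iface ('inside' or 'outside')."""
    addr = ipaddress.ip_address(src)
    internal = any(addr in net for net in INTERNAL_NETS)
    if iface == "outside":
        # Ingress: nobody outside may claim one of our own addresses.
        if internal:
            return ("drop", "internal source arriving from outside")
        if any(addr in net for net in BOGON_NETS):
            return ("drop", "unroutable source arriving from outside")
        return ("accept", "plausible external source")
    if iface == "inside":
        # Egress: our hosts may only send with addresses assigned to this site.
        if not internal:
            return ("drop", "foreign source leaving the site")
        return ("accept", "source belongs to this site")
    raise ValueError("unknown interface: " + iface)

# Constructed sample packets: (interface, source address)
SAMPLE = [
    ("outside", "10.24.1.1"),      # claims to be an internal host
    ("outside", "192.168.7.9"),    # private range, not routable on the Internet
    ("outside", "198.51.100.20"),  # ordinary external address
    ("inside", "10.24.1.1"),       # legitimate internal host
    ("inside", "203.0.113.5"),     # internal host forging an outside address
]

def run_sample():
    """Verdicts for the constructed sample, in order."""
    return [check_source(iface, src)[0] for iface, src in SAMPLE]

if __name__ == "__main__":
    for iface, src in SAMPLE:
        print(iface, src, *check_source(iface, src))
```

The ingress rule blocks outsiders posing as a trusted internal host (slide 17), and the egress rule keeps the site's own machines from originating spoofed floods.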

  19. IP Spoofing is still developing
     • IP spoofing is still possible today, but has to develop in the face of growing security.
     • New techniques include a method of using IP spoofing to perform remote scans and determine the sequence number.
     • This allows a session hijack attack even if the attacker is blind.

  20. CONCLUSION
     • IP spoofing is an old-school hacker trick that continues to evolve.
     • It can be used for a wide variety of purposes.
     • It will continue to represent a threat as long as each layer continues to trust each other and people are willing to destroy that trust.
