31-07-2012, 01:34 PM
IP address spoofing and its application
Abstract
The paper focuses on IP address spoofing and its application. Section one introduces IP address spoofing. Section two covers the IP routing mechanism and its problems. Section three covers forms of IP address spoofing and their applications, concentrating on splitting routing (asymmetric routing), sat DSL, NAT and IP masquerading. Section four discusses some attacks based on IP address spoofing. Section five is about how to stop IP address spoofing. The last section describes the experiment we did, a splitting-routing IP spoofing scenario.
Introduction
IP address spoofing is the creation of IP packets using somebody else’s IP source addresses.
This technique is used for obvious reasons and is employed in several of the attacks discussed later. Examining the IP header, we can see that the first 12 bytes contain various information about the packet. The next 8 bytes, however, contain the source and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses, specifically the “source address” field.
A common misconception is that "IP spoofing" can be used to hide your IP address while surfing the Internet, chatting on-line, sending e-mail, and so forth. This is generally not true. Forging the source IP address causes the responses to be misdirected, meaning you cannot create a normal network connection.
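The header layout described above (12 bytes of packet information, then 8 bytes of addresses) can be read directly from raw bytes, and a receiving network can compare the source field against the prefixes it expects on an interface. The following is an added example, not part of the original paper; the function names, the prefix list and the sample packets (built from documentation address ranges) are assumptions made for illustration.

```python
import ipaddress
import struct


def parse_ipv4_addresses(packet: bytes):
    """Return (source, destination) read from a raw IPv4 header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header (need at least 20 bytes)")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not a valid IPv4 header")
    # Bytes 0-11: version/IHL, TOS, total length, ID, flags/fragment offset,
    #             TTL, protocol, header checksum.
    # Bytes 12-19: source address, then destination address (4 bytes each).
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)


def source_is_plausible(packet: bytes, allowed_prefixes) -> bool:
    """True if the source address lies in a prefix expected on the
    interface the packet arrived on (a simple ingress check)."""
    src, _ = parse_ipv4_addresses(packet)
    return any(src in ipaddress.ip_network(p) for p in allowed_prefixes)


def sample_header(src: str, dst: str) -> bytes:
    """Constructed sample input: a 20-byte header with the checksum left at
    zero (the checksum is not validated in this example)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


# Assumption: this interface serves a customer that was assigned 192.0.2.0/24.
CUSTOMER_PREFIXES = ["192.0.2.0/24"]
LEGIT = sample_header("192.0.2.10", "198.51.100.5")
FORGED = sample_header("203.0.113.7", "198.51.100.5")  # source outside the prefix

if __name__ == "__main__":
    for name, pkt in (("legit", LEGIT), ("forged", FORGED)):
        src, dst = parse_ipv4_addresses(pkt)
        verdict = "accept" if source_is_plausible(pkt, CUSTOMER_PREFIXES) else "drop"
        print(f"{name}: {src} -> {dst}: {verdict}")
```

Nothing in the header itself proves who wrote the source field, so the check relies only on where the packet arrived, which is why it has to be applied close to the sender's access link.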
Asymmetric routing (Splitting routing)
Asymmetric routing means that inbound and outbound traffic go over different interfaces. In other words, asymmetric routing is when the response to a packet follows a different path from one host to another than the original packet did. The more correct and more general answer is that, for any source IP address 'A' and destination 'B', the path followed by any packet (request or response) from 'A' to 'B' is different from the path taken by a packet from 'B' to 'A'.
Probable problem with AOL's DSL connection setup
The AOL DSL service implements a certain connection setup procedure in order to provide a VPN (Virtual Private Network) for its users. When a user dials in to the AOL DSL ISP, the following steps take place:
1. The user is connected to the ISP using a public account, so a network connection between the user and the ISP is established. But the user can only receive data over this connection and is thus not able to send any internet request.
2. On top of this connection, a VPN is established using the user’s private account. After the authentication succeeds, the user can send and receive data through this VPN connection.
This procedure is AOL’s attempt to create secure internet traffic over a DSL connection. But, as is usually the case, one solution to a security problem may lead to another problem, and this also applies to AOL’s DSL connection setup. With a certain setup and an IP address spoofing technique, a user can connect to the AOL DSL ISP and download as much data as he wants using this connection without paying a cent. This picture depicts such a setup and how the attack works.