15-06-2012, 10:59 AM
Seminar on Ip Address Spoofing
Ip Address Spoofing.pdf (Size: 664.84 KB / Downloads: 186)
Abstract
The paper focuses on IP address spoofing and its application. In section one we introduce what is IP address spoofing. Section two is about IP routing mechanism and its problems. The section three is about forms of IP address spoofing and its applications, we concentrate on splitting routing (asymmetric routing), sat dsl, nat and IP masquerading. In section four we talk about some attacks based on IP address spoofing. Section five is about how to stop IP address spoofing. In the last section, we describe the experiment we did, a splitting routing IP spoofing scenario.
What is IP address spoofing
IP address spoofing is the creation of IP packets using somebody else’s IP source addresses.
This technique is used for obvious reasons and is employed in several of the attacks discussed later. Examining the IP header, we can see that the first 12 bytes contain various information about the packet. The next 8 bytes, however, contains the source and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses – specifically the “source address” field.
A common misconception is that "IP spoofing" can be used to hide our IP address while surfing the Internet, chatting on-line, sending e-mail, and so forth. This is generally not true. Forging the source IP address causes the responses to be misdirected, meaning you cannot create a normal network connection.
IP address spoofing and Applications
Asymmetric routing (Splitting routing)
Asymmetric routing means traffic goes over different interfaces for directions in and out. In other words, asymmetric routing is when the response to a packet follows a different path from one host to another than the original packet did. The more correct and more general answer is, for any source IP address 'A' and destination 'B', the path followed by any packet (request or response) from 'A' to 'B' is different than the path taken by a packet from 'B' to 'A'.
IP masquerade:
IP Masquerade, is a specific form of Network Address Translation (NAT) which allows internally connected computers that do not have registered Internet IP addresses to communicate to the Internet via the Linux server's Internet IP address. IP masquerading lets you use a single Internet-connected computer running Linux with a real IP address as a gateway for non-connected machines with "fake" IP addresses. The Linux box with a real address handles mapping packets from your intranet out to the Internet, and when responses come back, it maps them back to your intranet.