25-08-2017, 09:32 PM
Web Spoofing Seminar Report
Introduction
We discuss in this seminar an Internet security attack that could endanger the privacy of World Wide Web users and the integrity of their data. The attack can be carried out on today’s systems, endangering users of the most common Web browsers, including Netscape Navigator and Microsoft Internet Explorer.
Web spoofing allows an attacker to create a “shadow copy” of the entire World Wide Web. Accesses to the shadow Web are funneled through the attacker’s machine, allowing the attacker to monitor all of the victim’s activities including any passwords or account numbers the victim enters. The attacker can also cause false or misleading data to be sent to Web servers in the victim’s name, or to the victim in the name of any Web server. In short, the attacker observes and controls everything the victim does on the Web.
I have implemented a demonstration version of this attack.
Spoofing
Definition:
An attacker alters his identity so that someone thinks he is someone else
Email, User ID, IP Address, …
Attacker exploits trust relation between user and networked machines to gain access to machines
Types of Spoofing:
IP spoofing: Attacker uses IP address of another computer to acquire information or gain access
Email spoofing: Attacker sends email but makes it appear to come from someone else
Web spoofing: Attacker tricks web browser into communicating with a different web server than the user intended.
What is IP Spoofing?
IP spoofing is the creation of TCP/IP packets with somebody else's IP address in the header.
Routers use the destination IP address to forward packets, but ignore the source IP address.
The source IP address is used only by the destination machine, when it responds back to the source.
When an attacker spoofs someone’s IP address, the victim’s reply goes back to that address. Since the attacker does not receive packets back, this is called a one-way attack or blind spoofing.
To see the return packets, the attacker must intercept them.
Web Spoofing
Basic
Attacker registers a web address matching an entity, e.g. votebush.com, geproducts.com, gesucks.com
Man-in-the-Middle Attack
Attacker acts as a proxy between the web server and the client
Attacker has to compromise the router or a node through which the relevant traffic flows
URL Rewriting
Attacker redirects web traffic to another site that is controlled by the attacker
Attacker writes his own web site address before the legitimate link
Tracking State
When a user logs on to a site, a persistent authentication is maintained
This authentication can be stolen for masquerading as the user
Surveillance
The attacker can passively watch the traffic, recording which pages the victim visits and the contents of those pages. When the victim fills out a form, the entered data is transmitted to a Web server, so the attacker can record that too, along with the response sent back by the server. Since most on-line commerce is done via forms, this means the attacker can observe any account numbers or passwords the victim enters.
Spoofing the Whole Web
You may think it is difficult for the attacker to spoof the entire World Wide Web, but it is not. The attacker need not store the entire contents of the Web. The whole Web is available on-line; the attacker’s server can just fetch a page from the real Web when it needs to provide a copy of the page on the false Web.
Conclusion
As there is no definite means of detecting a spoofed site, we must use a number of heuristic checks which, in combination, prove reliable.
These heuristics will force attackers to work harder, and much like spam filtering and virus detection, techniques will have to continue to evolve.
Use of digitally signed email protects against “phishing” attacks.
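One heuristic check of the kind the conclusion refers to, as an added example that is not part of the original report: it flags links and form targets whose URL carries a second absolute URL on a different host, the pattern described under URL Rewriting. The function names, host names and sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# An absolute http(s) URL appearing inside another URL's path, query or fragment.
EMBEDDED = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def embedded_target(url):
    """Return (outer_host, inner_host) if url wraps a URL on another host, else None."""
    try:
        outer = urlsplit(url)
        if outer.scheme not in ("http", "https") or not outer.hostname:
            return None  # relative links and non-web schemes are out of scope
        # Percent-decode so that http%3A%2F%2F... is inspected as well.
        rest = unquote(f"{outer.path}?{outer.query}#{outer.fragment}")
        match = EMBEDDED.search(rest)
        inner = urlsplit(match.group(0)).hostname if match else None
    except ValueError:  # malformed authority, e.g. an unbalanced IPv6 bracket
        return None
    if inner and inner != outer.hostname:
        return outer.hostname, inner
    return None

class LinkAuditor(HTMLParser):
    """Collects (tag, url, outer_host, inner_host) for every suspicious URL attribute."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "action", "src") and value:
                hit = embedded_target(value)
                if hit:
                    self.findings.append((tag, value, *hit))

def audit(html):
    parser = LinkAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: two rewritten targets, one same-host link, one relative link.
SAMPLE = """
<a href="http://www.attacker.example/http://www.bank.example/login">Log in</a>
<a href="http://www.bank.example/help?next=http://www.bank.example/faq">Help</a>
<form action="http://www.attacker.example/http%3A%2F%2Fwww.bank.example%2Fpay"></form>
<a href="/about">About</a>
"""
```

Legitimate redirectors and web archives also embed a second URL, so a hit is a signal to combine with other checks rather than a verdict on its own.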