06-04-2013, 04:16 PM
IP Spoofing Attack
IP Spoofing.ppt (Size: 1.36 MB / Downloads: 42)
IP spoofing
IP spoofing is a technique used to gain unauthorized access to computers, where by the attacker sends messages to a computer with a forging IP address indicating that the message is coming from a trusted host.
Attacker puts a trusted IP address as its source. The access control device sees the IP address as trusted and lets it through.
IP spoofing occurs when a hacker inside or outside a network impersonates the conversations of a trusted computer.
Two general techniques are used during IP spoofing:
A hacker uses an IP address that is within the range of trusted IP addresses.
A hacker uses an authorized external IP address that is trusted.
Consequences for IP spoofing include the following:
IP spoofing is usually limited to the injection of malicious data or commands into an existing stream of data.
A hacker changes the routing tables to point to the spoofed IP address, then the hacker can receive all the network packets that are addressed to the spoofed address and reply just as any trusted user can.
Why IP Spoofing is easy?
Problem with the Routers.
Routers look at Destination addresses only.
Authentication based on Source addresses only.
To change source address field in IP header field is easy.
Spoofing Attacks:
Blind spoofing
This attack may take place from outside where sequence and acknowledgement numbers are unreachable. Attackers usually send several packets to the target machine in order to sample sequence numbers, which is doable in older days .
Man in the Middle Attack
This is also called connection hijacking. In this attacks, a malicious party intercepts a legitimate communication between two hosts to control the flow of communication and to eliminate or alter the information sent by one of the original participants without their knowledge.
Denial of Service Attack
conducting the attack, attackers spoof source IP addresses to make tracing and stopping the DoS as difficult as possible. When multiple compromised hosts are participating in the attack, all sending spoofed traffic, it is very challenging to quickly block the traffic.
IP spoofing is almost always used in denial of service attacks (DoS), in which attackers are concerned with consuming bandwidth and resources by flooding the target with as many packets as possible in a short amount of time. To effectively
Prevention IP spoofing
If your vendor’s router does not support filtering on the inbound side of the interface or if there will be a delay in incorporating the feature into your system, you may filter the spoofed IP packets by using a second router between your external interface and your outside connection. Configure this router to block, on the outgoing interface connected to your original router, all packets that have a source address in your internal network.