01-03-2011, 11:27 AM
PRESENTED BY:
ASHISH KUMAR
IP Spoofing
• IP Spoofing is a technique used to gain unauthorized access to computers.
– IP: Internet Protocol
– Spoofing: using somebody else’s information
• It exploits trust relationships between hosts.
• The intruder sends messages to a computer using the IP address of a trusted host.
WHY IS IP SPOOFING EASY?
• Problem with the routers.
• Routers look at destination addresses only.
• Authentication is based on source addresses only.
• Changing the source address field in the IP header is easy.
IP SPOOFING STEPS
• Select a target host (the victim).
• Identify a host that the target “trusts”.
• Disable the trusted host and sample the target’s TCP sequence numbers.
• The trusted host is impersonated and the ISN (initial sequence number) forged.
• A connection is attempted to a service that only requires address-based authentication.
• If the connection succeeds, the attacker executes a simple command to leave a backdoor.
Spoofing Attacks
Spoofing is classified into:
1. Non-blind spoofing:
This attack takes place when the attacker is on the same subnet as the target and can see the sequence and acknowledgement numbers of packets.
2. Blind spoofing:
This attack may take place from outside, where sequence and acknowledgement numbers are unreachable. Attackers usually send several packets to the target machine in order to sample sequence numbers, which was doable in older days.
3. Denial of Service attack:
IP spoofing is almost always used in denial of service (DoS) attacks, in which attackers are concerned with consuming bandwidth and resources by flooding the target with as many packets as possible in a short amount of time.
4. Smurf attack:
An ICMP ping packet with a spoofed source IP address is sent to a LAN, which broadcasts it to all hosts on the LAN. Each host sends a reply packet to the spoofed IP address, leading to denial of service.
5. Man-in-the-middle:
The attacker sniffs packets on the link between the two endpoints and can therefore pretend to be one end of the connection.
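The slides note that routers look only at destination addresses. As an added example (not part of the original presentation), the Python sketch below shows the source-address checks a border device can apply to catch the spoofed-source and Smurf patterns described above. The network 192.0.2.0/24, the interface labels and all sample packets are constructed assumptions.

```python
import ipaddress
import struct

INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed protected LAN (documentation range)

def build_ipv4(src, dst, proto, payload=b""):
    """Construct a minimal IPv4 packet in memory for the sample data (checksum left 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return header + payload

def parse_ipv4(packet):
    """Return (src, dst, protocol, payload) from a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad header length")
    proto = packet[9]
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    return src, dst, proto, packet[ihl:]

def classify(packet, ingress):
    """Return the list of findings for a packet seen on the 'external' or 'internal' side."""
    src, dst, proto, payload = parse_ipv4(packet)
    findings = []
    # A packet arriving from outside must not claim an inside (trusted) source.
    if ingress == "external" and src in INTERNAL_NET:
        findings.append("spoofed-internal-source")
    # A packet leaving the LAN must carry a LAN source address.
    if ingress == "internal" and src not in INTERNAL_NET:
        findings.append("spoofed-foreign-source")
    # ICMP echo request (type 8) addressed to the LAN broadcast: Smurf pattern.
    if proto == 1 and payload[:1] == b"\x08" and dst == INTERNAL_NET.broadcast_address:
        findings.append("smurf-broadcast-ping")
    return findings

# Constructed sample traffic: (raw packet, side it was seen on)
SAMPLES = [
    (build_ipv4("192.0.2.10", "192.0.2.20", 6), "external"),
    (build_ipv4("198.51.100.7", "192.0.2.255", 1, b"\x08\x00\x00\x00"), "external"),
    (build_ipv4("203.0.113.5", "198.51.100.9", 17), "internal"),
    (build_ipv4("198.51.100.7", "192.0.2.20", 6), "external"),
]

if __name__ == "__main__":
    for pkt, side in SAMPLES:
        print(side, *parse_ipv4(pkt)[:2], classify(pkt, side))
```

The last sample is ordinary inbound traffic and produces no finding, which shows the checks depend on where a packet was seen as well as on its header.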