29-10-2012, 01:34 PM
IP Spoofing
IP Spoofing.ppt (Size: 147 KB / Downloads: 51)
spoofing.ppt (Size: 741.5 KB / Downloads: 134)
TCP/IP in 3 minute or less
General use of term describes the Architecture upon which the Interweb is built.
TCP/IP are specific protocols within that architecture.
IP is the internet layer protocol.
Does not guarantee delivery or ordering, only does its best to move packets from a source address to a destination address.
IP addresses are used to express the source and destination.
IP assumes that each address is unique within the network.
TCP is the transport layer protocol.
It guarantees delivery and ordering, but relies upon IP to move packets to proper destination.
Port numbers are used to express source and destination.
Destination Port is assumed to be awaiting packets of data.
IP Spoofing – Basic Overview
Basically, IP spoofing is lying about an IP address.
Normally, the source address is incorrect.
Lying about the source address lets an attacker assume a new identity.
Because the source address is not the same as the attacker’s address, any replies generated by the destination will not be sent to the attacker.
Attacker must have an alternate way to spy on traffic/predict responses.
To maintain a connection, Attacker must adhere to protocol requirements
IP Spoofing – Mitnick Attack
Merry X-mas! Mitnick hacks a Diskless Workstation on December 25th, 1994
The victim – Tsutomu Shinomura
The attack – IP spoofing and abuse of trust relationships between a diskless terminal and login server.
Mitnick Attack – Why it worked
Mitnick abused the trust relationship between the server and workstation
He flooded the server to prevent communication between it and the workstation
Used math skillz to determine the TCP sequence number algorithm (ie add 128000)
This allowed Mitnick to open a connection without seeing the workstations outgoing sequence numbers and without the server interrupting his attack
IP Spoofing - Session Hijack
IP spoofing used to eavesdrop/take control of a session.
Attacker normally within a LAN/on the communication path between server and client.
Not blind, since the attacker can see traffic from both server and client.
Conclusion
IP Spoofing is an old school Hacker trick that continues to evolve.
Can be used for a wide variety of purposes.
Will continue to represent a threat as long as each layer continues to trust each other and people are willing to subvert that trust.
IP Spoofing.ppt (Size: 147 KB / Downloads: 51)
spoofing.ppt (Size: 741.5 KB / Downloads: 134)
TCP/IP in 3 minute or less
General use of term describes the Architecture upon which the Interweb is built.
TCP/IP are specific protocols within that architecture.
IP is the internet layer protocol.
Does not guarantee delivery or ordering, only does its best to move packets from a source address to a destination address.
IP addresses are used to express the source and destination.
IP assumes that each address is unique within the network.
TCP is the transport layer protocol.
It guarantees delivery and ordering, but relies upon IP to move packets to proper destination.
Port numbers are used to express source and destination.
Destination Port is assumed to be awaiting packets of data.
IP Spoofing – Basic Overview
Basically, IP spoofing is lying about an IP address.
Normally, the source address is incorrect.
Lying about the source address lets an attacker assume a new identity.
Because the source address is not the same as the attacker’s address, any replies generated by the destination will not be sent to the attacker.
Attacker must have an alternate way to spy on traffic/predict responses.
To maintain a connection, Attacker must adhere to protocol requirements
IP Spoofing – Mitnick Attack
Merry X-mas! Mitnick hacks a Diskless Workstation on December 25th, 1994
The victim – Tsutomu Shinomura
The attack – IP spoofing and abuse of trust relationships between a diskless terminal and login server.
Mitnick Attack – Why it worked
Mitnick abused the trust relationship between the server and workstation
He flooded the server to prevent communication between it and the workstation
Used math skillz to determine the TCP sequence number algorithm (ie add 128000)
This allowed Mitnick to open a connection without seeing the workstations outgoing sequence numbers and without the server interrupting his attack
IP Spoofing - Session Hijack
IP spoofing used to eavesdrop/take control of a session.
Attacker normally within a LAN/on the communication path between server and client.
Not blind, since the attacker can see traffic from both server and client.
Conclusion
IP Spoofing is an old school Hacker trick that continues to evolve.
Can be used for a wide variety of purposes.
Will continue to represent a threat as long as each layer continues to trust each other and people are willing to subvert that trust.