07-04-2011, 03:23 PM
PRESENTED BY
SHARANJIT KAUR
[attachment=11866]
IP SPOOFING
“IP SPOOFING IS SOMEWHAT SIMILAR TO THE HIJACKING OF A PLANE”
IP SPOOFING ?
• IP spoofing is a technique used to gain unauthorized access to computers.
• It refers to creation of internet protocol (IP) packets with a forged source IP address , with the purpose of concealing the identity of the sender or impersonating another computer system.
• Spoofing is the creation of TCP/IP packets using somebody else's IP address.
IP SPOOFING
Why IP spoofing is easy?
• Problem with the routers.
• Routers looks only at the destination address.
• Authentication based on the source addresses only.
• To change source address field in IP header field is easy.
SPOOFING ATTACKS
Spoofing attacks are-
• Non Blind Spoofing
• Blind Spoofing
• Man in the middle (MITM) attack
• Denial of service (DoS) attack
Non Blind Spoofing-
• This type of attack takes place when the attacker is on the same subnet as the victim.
• The biggest threat of spoofing in this instance would be session hijacking.
Blind Spoofing-
• IP spoofing is an integral part of many network attacks that do not need to see responses .
• Blind spoofing predicts responses from a host, allowing commands to be sent, but cannot get immediate feedback.
Man in the middle attack-
• Both types of spoofing are forms of a common security violation known as a man in the middle (MITM) attack.
• In these attacks, a malicious party intercepts a legitimate communication between two friendly parties. The malicious host then controls the flow of communication and can eliminate or alter the information sent by one of the original participants without the knowledge of either the original sender or the recipient.
• In this way, an attacker can fool a victim into disclosing confidential information by “spoofing” the identity of the original sender, who is presumably trusted by the recipient.
• Packet sniffs on page link between the two end points and can therefore pretend to be one end of the connection.
Denial of Service Attack-
• IP spoofing is almost always used in what is currently one of the most difficult attacks to defend against – denial of service attacks.
• Crackers wish to flood the victim with as many packets as possible in a short amount of time.
WHY IP SPOOFING IS USED?
• IP spoofing is used to commit criminal activity online and to breach network security.
• Hackers use IP spoofing so they do not get caught spamming and to perpetrate denial of service attacks.
• These are attacks that involve massive amounts of information being sent to computers over a network in an effort to crash the entire network. The hacker does not get caught because the origin of the messages cannot be determined due to the bogus IP address .
• IP spoofing is also used by hackers to breach network security measures by using a bogus IP address that mirrors one of the addresses on the network. This eliminates the need for the hacker to provide a user name and password to log onto the network.
DEFENDING AGAINST SPOOFING
There are a few precautions that can be taken to limit IP spoofing risks on your network, such as
• Filtering at the Router
• Encryption and Authentication
MISCONCEPTION OF SPOOFING
• A common misconception is that “IP Spoofing” can be used to hide your IP address while surfing the internet , chatting on-line ,sending e-mail and so forth. This is generally not true.
• Forging the source IP address causes the responses to be misdirected ,meaning you cannot create a normal network connection.
CONCLISION
• IP Spoofing is a problem without an easy solution, since it’s inherent to the design of the TCP/IP suite.
• Understanding how and why spoofing attacks are used, combined with a few simple prevention methods, can help protect your network from these malicious cloaking and cracking techniques.
SHARANJIT KAUR
[attachment=11866]
IP SPOOFING
“IP SPOOFING IS SOMEWHAT SIMILAR TO THE HIJACKING OF A PLANE”
IP SPOOFING ?
• IP spoofing is a technique used to gain unauthorized access to computers.
• It refers to creation of internet protocol (IP) packets with a forged source IP address , with the purpose of concealing the identity of the sender or impersonating another computer system.
• Spoofing is the creation of TCP/IP packets using somebody else's IP address.
IP SPOOFING
Why IP spoofing is easy?
• Problem with the routers.
• Routers looks only at the destination address.
• Authentication based on the source addresses only.
• To change source address field in IP header field is easy.
SPOOFING ATTACKS
Spoofing attacks are-
• Non Blind Spoofing
• Blind Spoofing
• Man in the middle (MITM) attack
• Denial of service (DoS) attack
Non Blind Spoofing-
• This type of attack takes place when the attacker is on the same subnet as the victim.
• The biggest threat of spoofing in this instance would be session hijacking.
Blind Spoofing-
• IP spoofing is an integral part of many network attacks that do not need to see responses .
• Blind spoofing predicts responses from a host, allowing commands to be sent, but cannot get immediate feedback.
Man in the middle attack-
• Both types of spoofing are forms of a common security violation known as a man in the middle (MITM) attack.
• In these attacks, a malicious party intercepts a legitimate communication between two friendly parties. The malicious host then controls the flow of communication and can eliminate or alter the information sent by one of the original participants without the knowledge of either the original sender or the recipient.
• In this way, an attacker can fool a victim into disclosing confidential information by “spoofing” the identity of the original sender, who is presumably trusted by the recipient.
• Packet sniffs on page link between the two end points and can therefore pretend to be one end of the connection.
Denial of Service Attack-
• IP spoofing is almost always used in what is currently one of the most difficult attacks to defend against – denial of service attacks.
• Crackers wish to flood the victim with as many packets as possible in a short amount of time.
WHY IP SPOOFING IS USED?
• IP spoofing is used to commit criminal activity online and to breach network security.
• Hackers use IP spoofing so they do not get caught spamming and to perpetrate denial of service attacks.
• These are attacks that involve massive amounts of information being sent to computers over a network in an effort to crash the entire network. The hacker does not get caught because the origin of the messages cannot be determined due to the bogus IP address .
• IP spoofing is also used by hackers to breach network security measures by using a bogus IP address that mirrors one of the addresses on the network. This eliminates the need for the hacker to provide a user name and password to log onto the network.
DEFENDING AGAINST SPOOFING
There are a few precautions that can be taken to limit IP spoofing risks on your network, such as
• Filtering at the Router
• Encryption and Authentication
MISCONCEPTION OF SPOOFING
• A common misconception is that “IP Spoofing” can be used to hide your IP address while surfing the internet , chatting on-line ,sending e-mail and so forth. This is generally not true.
• Forging the source IP address causes the responses to be misdirected ,meaning you cannot create a normal network connection.
CONCLISION
• IP Spoofing is a problem without an easy solution, since it’s inherent to the design of the TCP/IP suite.
• Understanding how and why spoofing attacks are used, combined with a few simple prevention methods, can help protect your network from these malicious cloaking and cracking techniques.
