This article is presented by:Rajkumar
[attachment=4234]
[attachment=4226]
ABSRACT
In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine by “spoofing” the IP address of that machine. In the subsequent pages of this report, we will examine the concepts of IP spoofing: why it is possible, how it works, what it is used for and how to defend against it. To engage in IP spoofing, a hacker must first use a variety of techniques to find an IP address of a trusted host and then modify the packet headers so that it appears that the packets are coming from that host. After the occurrence of the infamous Internet Worm, IP spoofing has been identified as a real risk to the Internet and computer network community. Since then, the Internet has suffered a huge number of large-scale attacks. There are many variants of IP spoofing used in an attack. In this paper, we aim to examine the attack methods, and to identify counter-measures. IP spoofing uses the idea of trust relationships. The attack is a "blind" one, meaning the attacker will be assuming the identity of a "trusted" host. From the perspective of the target host, it is simply carrying on a "normal" conversation with a trusted host. In reality, the host is conversing with an attacker who is busy forging IP packets. The data that the target sends back (destined for the trusted host) will go to the trusted host, which the attacker never “sees” them. To prevent disruption from the trusted host, he has to disable the trusted host, using DOS, so that it will not respond to the target‟s replies. The attacker must guess what the target sends and the type of response the server is looking for. By trial communication with the target, the attacker can predict the initial sequence number (ISN) in the target‟s response. He then does not need to actually "see" the response. This allows him to work in the "blind" and manipulate the system.
[attachment=4234]
[attachment=4226]
ABSRACT
In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine by “spoofing” the IP address of that machine. In the subsequent pages of this report, we will examine the concepts of IP spoofing: why it is possible, how it works, what it is used for and how to defend against it. To engage in IP spoofing, a hacker must first use a variety of techniques to find an IP address of a trusted host and then modify the packet headers so that it appears that the packets are coming from that host. After the occurrence of the infamous Internet Worm, IP spoofing has been identified as a real risk to the Internet and computer network community. Since then, the Internet has suffered a huge number of large-scale attacks. There are many variants of IP spoofing used in an attack. In this paper, we aim to examine the attack methods, and to identify counter-measures. IP spoofing uses the idea of trust relationships. The attack is a "blind" one, meaning the attacker will be assuming the identity of a "trusted" host. From the perspective of the target host, it is simply carrying on a "normal" conversation with a trusted host. In reality, the host is conversing with an attacker who is busy forging IP packets. The data that the target sends back (destined for the trusted host) will go to the trusted host, which the attacker never “sees” them. To prevent disruption from the trusted host, he has to disable the trusted host, using DOS, so that it will not respond to the target‟s replies. The attacker must guess what the target sends and the type of response the server is looking for. By trial communication with the target, the attacker can predict the initial sequence number (ISN) in the target‟s response. He then does not need to actually "see" the response. This allows him to work in the "blind" and manipulate the system.
