1 Tao Wan Digital Security Group School of Computer Science Carleton University Oct 30, 2003 IP...
Tao Wan
Digital Security Group
School of Computer Science
Carleton University
Oct 30, 2003
IP Spoofing Attacks & Defenses
Outline
Introduction
IP Spoofing Attacks
IP Spoofing Defenses
Concluding Remarks
Introduction
Protocol Stacks
OSI Model (lowest layer first): Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer, Application Layer
Protocols shown beside it (lowest first): 802.3, 802.11, others; IP; TCP, UDP; HTTP, SNMP
Protocol Stacks
[Figure: the same protocol stack (802.3, 802.11, others; IP; TCP, UDP; HTTP, SNMP), with an extra label "IP"]
Data Transmissions
[Figure: hosts A and B, each with the layers Application, TCP/UDP, IP and Data link/physical, with routing between them. The data is shown alone, then with a TCP header, then with a TCP header and an IP header; the headers come off again in the reverse order on the other host.]
IP Header
TCP Header
Security Services
Entity Authentication
  What do you know
  What do you have
  What do you inherit
Integrity
  Message authentication
Confidentiality
  Encryption
…
IP Spoofing Attacks
IP Spoofing Attacks
IP Spoofing
DoS by Ping
TCP SYN Flooding
Session Hijacking
IP Spoofing
A (10.10.10.1) requests http://www.carleton.ca from www.carleton.ca (134.117.1.60)

Packet     Src_IP       dst_IP         Src_port      dst_port
genuine    10.10.10.1   134.117.1.60   Any (>1024)   80
spoofing   11.11.11.1   134.117.1.60   Any (>1024)   80
IP Spoofing Attacks: Smurf IP DoS
[Figure: A sends an ICMP Echo Request (Source: V; Dest: 192.168.1.255) to network 192.168.1.0, which contains hosts T1, T2, T3, ..., Tn. The hosts answer with ICMP Echo Replies (Source: T1; Dest: V).]
Mail Address Spoofing Attacks
Mail-bombs
[Figure: A sends catalog requests, phonebook requests and pizza orders, each with Return Addr: V, to Sears, Canadian Tire, Bell Canada and Boston Pizza; V is the one who receives the results.]
IP Spoofing Attacks: TCP 3 Way Handshake
A -> B: TCP SYN (B puts A in its half-open buffer)
B -> A: TCP SYN+ACK
A -> B: TCP ACK (B moves A to its open buffer)
Half-open buffer has limited size
Half-open connection has a timer associated with
IP Spoofing Attacks: TCP SYN Flooding (DDoS)
[Figure: hosts A through J around victim V, with TCP SYN and TCP SYN/ACK exchanges; V's half-open buffer lists the entries A, B, C, D, E.]
Half-open buffer is full
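
The two handshake slides above describe a half-open buffer of limited size whose entries carry a timer. The model below is an added example, not part of the original slides, showing from the defender's side how those two parameters decide when a genuine client is refused; the class, the buffer size of 5, the 30-second timer and the timeline are all constructed for illustration.

```python
class Listener:
    """Toy model of a TCP listener's half-open and open buffers."""

    def __init__(self, backlog, timeout):
        self.backlog = backlog      # size of the half-open buffer
        self.timeout = timeout      # seconds a half-open entry waits for the ACK
        self.half_open = {}         # source -> time its SYN arrived
        self.open = set()

    def _expire(self, now):
        # The timer from the slide: drop entries that waited too long.
        for src, t0 in list(self.half_open.items()):
            if now - t0 >= self.timeout:
                del self.half_open[src]

    def syn(self, src, now):
        """SYN received: reserve a half-open slot, or refuse if the buffer is full."""
        self._expire(now)
        if src not in self.half_open and len(self.half_open) >= self.backlog:
            return False
        self.half_open.setdefault(src, now)
        return True

    def ack(self, src, now):
        """Final ACK received: move the entry to the open buffer."""
        self._expire(now)
        if src not in self.half_open:
            return False
        del self.half_open[src]
        self.open.add(src)
        return True


def run_scenario(backlog=5, timeout=30):
    """Constructed timeline: five sources send a SYN and never ACK (the SYN/ACK
    for a spoofed source goes to a host that never asked for it), then a
    genuine client tries to connect before and after the timers run out."""
    v = Listener(backlog, timeout)
    for i, src in enumerate("ABCDE"):
        v.syn(src, now=i)                   # slots taken at t = 0..4
    refused = v.syn("client", now=10)       # buffer is full
    accepted = v.syn("client", now=34)      # all five entries have expired
    completed = v.ack("client", now=35)
    return refused, accepted, completed, sorted(v.half_open), sorted(v.open)


if __name__ == "__main__":
    print(run_scenario())
```

A shorter timer or a larger buffer shrinks the window in which the genuine client is refused, which is why both are tuning points on a listening host.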
IP Spoofing Defenses
IP Spoofing Defenses
It is a VERY hard problem
Ingress/Egress Filtering
IP Authentication (IPsec AH)
Cryptographically Generated Address (CGA)
IP Spoofing Defenses: Ingress/Egress Filtering
[Figure: Internet, Router, Firewall, IDS and host B, with the networks 10.10.10.0 and 10.10.0.0]
Filter rules shown in the figure:
if src_addr is from 10.10.10.0 then forward else drop
if src_addr is from 10.10.0.0 then forward else drop
if src_addr is from 10.10.0.0 then drop else forward
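
The three rules above, written out as an added example that is not part of the original slides, and run on constructed source addresses to show what each filter catches and what it cannot. Assumptions: the prefix lengths (/24 and /16), the placement of the first rule at the subnet's exit and of the other two at the site border, and the function names.

```python
import ipaddress

# Prefix lengths are assumptions: the slide gives only the network numbers.
SUBNET = ipaddress.ip_network("10.10.10.0/24")   # inner network on the slide
SITE = ipaddress.ip_network("10.10.0.0/16")      # whole site behind the border


def outbound(src):
    """Egress path: the subnet rule first, then the site rule at the border.
    Returns (action, name of the rule that decided)."""
    addr = ipaddress.ip_address(src)
    if addr not in SUBNET:      # if src_addr is from 10.10.10.0 then forward else drop
        return ("drop", "subnet egress")
    if addr not in SITE:        # if src_addr is from 10.10.0.0 then forward else drop
        return ("drop", "site egress")   # only reachable for traffic from other subnets
    return ("forward", "site egress")


def site_egress_only(src):
    """What the border rule alone decides, without the finer subnet rule."""
    return "forward" if ipaddress.ip_address(src) in SITE else "drop"


def inbound(src):
    """Ingress at the border: a packet arriving from the Internet must not
    claim a source address inside the site."""
    addr = ipaddress.ip_address(src)
    if addr in SITE:            # if src_addr is from 10.10.0.0 then drop else forward
        return ("drop", "site ingress")
    return ("forward", "site ingress")


# Constructed sample source addresses.
SAMPLES = {
    "genuine host A": "10.10.10.1",
    "spoofed, outside the site": "11.11.11.1",
    "spoofed, other subnet of the site": "10.10.20.5",
}

if __name__ == "__main__":
    for label, src in SAMPLES.items():
        print("out", label, src, outbound(src), "border only:", site_egress_only(src))
    for src in ("10.10.10.1", "11.11.11.1"):
        print("in ", src, inbound(src))
```

The coarser border rule forwards 10.10.20.5 although it did not come from that subnet, and the ingress rule forwards any spoofed source that lies outside 10.10.0.0, so filtering narrows spoofing rather than ending it.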
IP Spoofing Defenses: IPsec (???)
Two Protocols
  Authentication Header (AH)
  Encapsulating Security Payload
Two Modes
  Transport Mode
  Tunnel Mode
IP Spoofing Defenses: IP Authentication Header (AH)
AH in Transport Mode
Original IP Packet: IP Header | Payload
New IP Packet:      IP Header | AH Header | Payload
IP Spoofing Defenses: IP Authentication Header (AH)
AH in Tunnel Mode
Original IP Packet: IP Header | Payload
New IP Packet:      New IP Header | AH Header | IP Header | Payload
(the original IP Header and Payload together form the New Payload)
IP Spoofing Defenses: IPsec (???)
Data Origin Authentication
  IP address is not modified en route
  Is it a real or spoofed IP ??
Message Integrity
Replay Prevention
IP Spoofing Defenses: Cryptographically Generated Address (CGA)
IPv6
[Figure: a 128-bit IPv6 addr made of a 64-bit routing prefix and a 64-bit value produced with MD5; other labels: Routing prefix, Public Key, Nonce, Digital Signature, "Sent within IPv6 hdr".]
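
The address binding sketched on this slide, as an added example that is not part of the original slides: the receiver recomputes the 64-bit value from the public key and nonce carried with the packet and compares it with the claimed source address. Assumptions: the hash input order (routing prefix, public key, nonce), the function names and the sample values; the signature check is left out because Python's standard library has no public-key signatures, and the standardized CGA format (RFC 3972) uses SHA-1 and a different layout.

```python
import hashlib
import ipaddress

IID_MASK = (1 << 64) - 1    # low 64 bits of the address: the hashed part


def _derive(prefix_int, public_key, nonce):
    """64-bit routing prefix followed by the first 64 bits of
    MD5(prefix || public key || nonce). The input order is an assumption."""
    prefix_bytes = (prefix_int >> 64).to_bytes(8, "big")
    digest = hashlib.md5(prefix_bytes + public_key + nonce).digest()
    return ipaddress.IPv6Address(prefix_int | int.from_bytes(digest[:8], "big"))


def generate_cga(prefix, public_key, nonce):
    """Sender side: build the address for a 64-bit routing prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("routing prefix must be 64 bits")
    return _derive(int(net.network_address), public_key, nonce)


def verify_cga(address, public_key, nonce):
    """Receiver side: does the claimed source address match the key and nonce?
    A full check would also verify the digital signature with public_key."""
    addr = int(ipaddress.IPv6Address(address))
    return _derive(addr & ~IID_MASK, public_key, nonce) == ipaddress.IPv6Address(addr)


# Constructed sample values (2001:db8::/32 is the documentation range).
PREFIX = "2001:db8:0:1::/64"
KEY_A = b"constructed public key of host A"
KEY_OTHER = b"constructed public key of another host"
NONCE = bytes.fromhex("0011223344556677")

if __name__ == "__main__":
    addr = generate_cga(PREFIX, KEY_A, NONCE)
    print(addr, verify_cga(addr, KEY_A, NONCE), verify_cga(addr, KEY_OTHER, NONCE))
```

Each verification costs the receiver a hash and, in the full scheme, a signature check per packet.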
IP Spoofing Defenses: Cryptographically Generated Address (CGA)
IPv6
How about IPv4?
Does everyone have a pair of private/public keys (authenticated)?
DoS by engaging a recipient in an endless process of verifying CGAs
Concluding Remarks
IP spoofing is a common technique for attacks
There is not too much we can do about it
Thanks !