IP SpoofingIP Spoofing BYBY

R.seetharama raoR.seetharama rao

BT – ITBT – IT

UNDER GUIDANCE OFUNDER GUIDANCE OF

Mr.murtuza

IP SPOOFING ?IP SPOOFING ?

• IP Spoofing is a technique used to gain IP Spoofing is a technique used to gain unauthorized access to computers.unauthorized access to computers.

– IP: Internet ProtocolIP: Internet Protocol

– Spoofing: using somebody else’s Spoofing: using somebody else’s informationinformation

• Exploits the trust relationshipsExploits the trust relationships

• Intruder sends messages to a computer with Intruder sends messages to a computer with an IP address of a trusted host.an IP address of a trusted host.

IP SPOOFINGIP SPOOFING

WHY IP SPOOFING IS EASY ?WHY IP SPOOFING IS EASY ?

Problem with the RoutersProblem with the Routers..

Routers look at Destination addresses only.Routers look at Destination addresses only.

Authentication based on Source addresses only.Authentication based on Source addresses only.

IP SPOOFING STEPSIP SPOOFING STEPS

• Selecting a target hostSelecting a target host

• Identify a host that the target “trust”Identify a host that the target “trust”

• Disable the trusted hostDisable the trusted host

• Connection attempt to a service that only Connection attempt to a service that only

requires address-based authentication.requires address-based authentication.

• If successfully connected, executes a simple If successfully connected, executes a simple

command to leave a backdoor.command to leave a backdoor.

Spoofing AttacksSpoofing Attacks

Spoofing is classified into :-Spoofing is classified into :-

1.1.Non-blind spoofingNon-blind spoofing

2.2.Blind spoofing Blind spoofing

3.3.Man - in - the – middle Man - in - the – middle

Detection of IP Detection of IP SpoofingSpoofing

If you monitor packets using network-If you monitor packets using network-monitoring software such as net log, look for monitoring software such as net log, look for a packet on your external interface that has a packet on your external interface that has both its source and destination IP addresses both its source and destination IP addresses in your local domain. If you find one, you are in your local domain. If you find one, you are

currently under attackcurrently under attack..

IP-Spoofing Counter-IP-Spoofing Counter-measuresmeasures

No insecure authenticated servicesNo insecure authenticated services

Disable commands like pingDisable commands like ping

Use encryptionUse encryption

IP Trace-backIP Trace-back

• To trace back as close to the attacker’s To trace back as close to the attacker’s

location as possiblelocation as possible

• Limited in reliability and efficiencyLimited in reliability and efficiency

• Require cooperation of many other Require cooperation of many other

network operators along the routing pathnetwork operators along the routing path

Applications Applications

Asymmetric routing (Splitting Asymmetric routing (Splitting

routing)routing)

NAT (Network Address Transaction)NAT (Network Address Transaction)

IP MasqueradeIP Masquerade

ADVANTAGESADVANTAGES

Multiple ServersMultiple Servers

Transparent ProxyingTransparent Proxying

DISADVANTAGESDISADVANTAGES

Blind to Replies :Blind to Replies : In the scanning attack as we will see In the scanning attack as we will see

next the attacker may need to see replies in such next the attacker may need to see replies in such cases ,the attacker can not use IP address cases ,the attacker can not use IP address spoofing .spoofing .

Serial attack platforms:Serial attack platforms: AAttacker attacks the target victim ttacker attacks the target victim

using a point host-the last host in the attack using a point host-the last host in the attack chain .Even if authorities learn the point host’s chain .Even if authorities learn the point host’s identityidentity

CONCLUSIONCONCLUSION

IP spoofing attacks is unavoidableIP spoofing attacks is unavoidable..

Understanding how and why spoofing Understanding how and why spoofing attacks are used, combined with a few attacks are used, combined with a few simple prevention methods, can help protect simple prevention methods, can help protect your network from these malicious cloaking your network from these malicious cloaking

and cracking techniquesand cracking techniques..

THANK YOU !THANK YOU !