Seminar Presentation IP Spoofing Attack, detection and effective method of prevention. Md. Sajan...

Seminar Presentation IP Spoofing Attack, detection and effective method of prevention. Md. Sajan Sana Ansari Id: 201206680 06/20/22 1


Page 1: Seminar Presentation IP Spoofing Attack, detection and effective method of prevention. Md. Sajan Sana Ansari Id: 201206680 9/8/20151.

Seminar Presentation

IP Spoofing Attack, detection and effective method of prevention.

Md. Sajan Sana Ansari

Id: 201206680

04/19/23 1

Page 2:

Outline

Introduction to IP spoofing
IP spoofing attack
Detection strategies
Prevention method
Comparison
Summary
Conclusion

Page 3:

IP Spoofing

IP spoofing simply refers to an attacker creating a forged (fake) IP address with the intention of concealing the identity of the sender.

The attacker selects a trusted IP address so that the access control list in the firewall cannot recognize it.

According to a study [2], at least four thousand such attacks occur every week on the Internet.

Page 4:

Process of IP spoofing attack

Fig: Process of IP spoofing attack, steps numbered 1 to 4, with the handshake messages SYN (SeqNo=X), SYN-ACK (SeqNo=Y, ACK=X+1) and ACK (SeqNo=X+1, ACK=Y+1).

Page 5:

Process of IP spoofing attack

1) The attacker first creates a forged IP address using tools like hping, then attacks and controls the victim node.

2) It sends a SYN connection request to the server, disguising (concealing) itself with the IP address of the victim node.

3) The server receives the request and sends a SYN-ACK to the victim node, but the victim node cannot actually receive the message.

4) Once the hacker gets the SeqNo (sequence number), it can send an ACK to the server.

5) The connection is established between the hacker and the server.

6) The attack is now running.

Page 6:

Detection Method by Trace Route model [1]

Fig: Trace route model [1]

Page 7:

Prevention strategies (Trace Route Method) [1]

Fig: Flow chart of prevention system

Page 8:

Prevention Method using Trace Route model [1]

(1) IP Authentication Module

This module judges whether the source host is a trusted node. The IP authentication information includes the node name, the node IP address, and the hop count from itself to the target node. Only when the user passes IP authentication is it considered a trusted node; otherwise the user is considered a node from an outside site.

(2) Trace Route Module

This module runs a trace route from the detection node to the source node.

If the source host is a trusted node, the trace route result is "host reachable"; otherwise, when an IP spoofing attack occurs, the result is "host unreachable". At the same time, the rule base and log base are updated dynamically. The trace route result is sent to the implementation module.

Page 9:

Prevention strategies (Packet Funneling method) [2]

1. When a packet from a new user is received, the user is entered in the AIP (active IP) table, its timeout value is set, and the packet is forwarded to its destination.

2. The size of the AIP table is a parameter set by the administrator according to the average number of expected users.

3. The Waiting Matrix stores the arriving packets of each delayed user until one of the active users times out and is thus removed from the AIP table.

4. When the memory is entirely consumed, the packets will be dropped instead of delayed.
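
The four steps above as a small simulation, added here as an example and not taken from the presentation or from [2]. The class and parameter names are hypothetical, and two policies are assumed because the slide does not state them: the timeout is fixed at admission, and delayed users are admitted oldest first.

```python
from collections import OrderedDict, deque

class PacketFunnel:
    """AIP (active IP) table plus Waiting Matrix, following the four steps above."""

    def __init__(self, aip_size, timeout, wait_capacity):
        self.aip_size = aip_size            # step 2: set by the administrator
        self.timeout = timeout              # seconds a user stays in the AIP table
        self.wait_capacity = wait_capacity  # memory budget, counted in packets
        self.aip = {}                       # source IP -> expiry time
        self.waiting = OrderedDict()        # source IP -> deque of delayed packets
        self.waiting_count = 0

    def _expire(self, now):
        """Drop timed-out users, then admit delayed users in arrival order."""
        for ip in [ip for ip, expiry in self.aip.items() if expiry <= now]:
            del self.aip[ip]
        released = []
        while self.waiting and len(self.aip) < self.aip_size:
            ip, queue = self.waiting.popitem(last=False)
            self.aip[ip] = now + self.timeout
            self.waiting_count -= len(queue)
            released.extend((ip, pkt) for pkt in queue)
        return released

    def receive(self, src_ip, packet, now):
        """Return (verdict, released); verdict is 'forward', 'delay' or 'drop'."""
        released = self._expire(now)
        if src_ip in self.aip:
            return "forward", released
        if len(self.aip) < self.aip_size:   # step 1: new user, free slot
            self.aip[src_ip] = now + self.timeout
            return "forward", released
        if self.waiting_count >= self.wait_capacity:
            return "drop", released         # step 4: memory consumed
        self.waiting.setdefault(src_ip, deque()).append(packet)
        self.waiting_count += 1
        return "delay", released            # step 3: held in the Waiting Matrix

def demo():
    """Constructed traffic: two regular users, then a burst of new source IPs."""
    funnel = PacketFunnel(aip_size=2, timeout=10, wait_capacity=2)
    traffic = [(0, "192.0.2.1"), (1, "192.0.2.2"), (2, "192.0.2.1"),
               (3, "198.51.100.7"), (4, "198.51.100.8"), (5, "198.51.100.9"),
               (10, "192.0.2.2")]
    return [funnel.receive(ip, f"pkt@{t}", t) for t, ip in traffic]
```

In the constructed run the burst of new addresses is delayed and then dropped once the Waiting Matrix is full, while the first delayed packet is released when an active user times out at t=10.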

Page 10:

Some other Common Prevention strategies [3]

The following are some common practices for preventing IP spoofing in a network:

1. Hop-Count Filtering

Hop-count filtering [3] is a victim-based solution relying on the hop-count method.

The number of hops between source and destination is indicated by the TTL field in an IP packet.

Linking the source IP with the statistical number of hops to reach the destination can be used to assess the authenticity of the claimed IP source.

Page 11:

Some other Common Prevention strategies [3]

2. Router Based Solution

The routers are modified to provide encryption, digital signatures, and authentication.

This enables the tracing of a packet back to its origin, and thus stopping further traffic at the closest intelligent router point.

Page 12:

Some other Common Prevention strategies [3]

3. Traffic Level Measurements

The module relies on a buffer through which all incoming traffic enters.

The traffic level is continuously monitored, and when it shoots to high levels, most incoming packets are dropped.

The module thus attempts to isolate the server from the attack.

Page 13:

Comparison

1. Packet funneling is a load-balancing solution that delays heavy traffic on the server. The IP pattern of a normal user will have repetitive occurrences. It is an easy approach for a small group of networks.

2. The hop-count process depends heavily on assumptions and probabilistic methods, rendering the method inaccurate.

3. Even though “Router based solution” provides more secure and private communication between the routers involved, a tremendous amount of complexity is introduced.

Page 14:

Comparison

4. The traffic level countermeasure is not an effective way to prevent IP spoofing because it simply controls the peak traffic level, so legitimate requests may struggle to access the server.

5. The trace route method is an effective defense in which the attacker is detected by tracing the route with the help of a trusted adjacent node in the network; if the source IP is unreachable, the packet is dropped.

Page 15:

Comparison

Table (1): Comparison among different prevention strategies of IP spoofing attack

Page 16:

Summary

We discussed what IP spoofing is and how an IP spoofing attack proceeds.

We discussed how to detect an IP spoofing attack.

We discussed different types of measures to prevent IP spoofing attacks, such as the Trace Route model, Packet Funneling, and some common prevention techniques.

We compared these prevention techniques.

Page 17:

Conclusion

IP spoofing attacks on networks are a severe problem that deserves consideration, as many cases occur every day on the Internet. Hence, effective prevention strategies should be evaluated. Among the several prevention strategies studied, the Trace Route strategy is an effective way to control the attacker in a network.

Page 18:

References

[1] Yunji Ma, "An Effective Method for Defense against IP Spoofing Attack", Department of Network Engineering, University of Science and Technology LiaoNing, Anshan, China, 2010.

[2] N. Arumugam, C. Venkatesh, "A NOVEL SCHEME FOR DETECTING AND PREVENTING SPOOFED IP ACCESS ON NETWORK USING IP2HP FILTER", ©2006-2011 Asian Research Publishing Network (ARPN), Dec 2011.

[3] Antonio Challita, Mona El Hassan, Sabine Maalouf, Adel Zouheiry, "A Survey of DDoS Defense Mechanisms", Department of Electrical and Computer Engineering, American University of Beirut.

[4] T. Baba and S. Matsuda, "Tracing network attacks to their sources," IEEE Internet Computing, 2002.

[5] I. B. Mopari, S. G. Pukale and M. L. Dhore, "Detection and defense against DDoS attack with IP spoofing," International Conference on Computing, Communication and Networking, 2008, pp. 1-5, Dec. 2008.

[6] A. Bremler-Barr and H. Levy, "Spoofing prevention method," 24th Annual Joint Conference of the IEEE Computer and Communications Societies, March 2005.

Page 19:

Thanks

Accept my sincere thanks for listening.

Any questions and suggestions!