IP spoofing
meetujain
Added: April 12, 2010
License: All Rights Reserved

Presentation Transcript

Slide 1:
Submitted By: Poonam

Slide 2:
Spoofing is a situation in which one person or program successfully inserts false or misleading information in e-mail or Netnews headers. Also known as header forgery.

Overview:
- TCP/IP – in brief
- IP Spoofing – Basic overview
- IP Spoofing – How It Works!!
- Examples Of Spoofing Attacks
  - Mitnick Attack
  - Session Hijack
  - DoS Attack
- Defending Against the Threat
- Conclusion

TCP/IP in 3 minutes or less:
- General use of the term describes the architecture upon which the Interweb is built.
- TCP and IP are specific protocols within that architecture.

TCP/IP in 3 minutes or less:
[Diagram: layer stack, top to bottom: Application, Transport, Interweb, Network Access, Physical; labels: TCP, IP]

TCP/IP in 3 minutes or less:
- IP is the internet layer protocol.
- Does not guarantee delivery or ordering, only does its best to move packets from a source address to a destination address.
- IP addresses are used to express the source and destination.
- IP assumes that each address is unique within the network.

Slide 7:
[Figure: IP header, bit positions 0, 16, 31. Fields: Version, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options and Padding]

TCP/IP in 3 minutes or less:
- TCP is the transport layer protocol.
- It guarantees delivery and ordering, but relies upon IP to move packets to the proper destination.
- Port numbers are used to express source and destination.
- Destination port is assumed to be awaiting packets of data.

Slide 9:
[Figure: TCP header, bit positions 0, 16, 31. Fields: Source Port, Destination Port, Sequence Number, Acknowledgement Number, Data Offset, Reserved, Flags, Window, Checksum, Urgent Pointer, Options and Padding]

IP Spoofing:
- Basically, IP spoofing is lying about an IP address.
- Normally, the source address is incorrect.
- Lying about the source address lets an attacker assume a new identity.
- Because the source address is not the same as the attacker's address, any replies generated by the destination will not be sent to the attacker.

IP Spoofing:
- Blind and non-blind spoofing.
- Attacker must have an alternate way to spy on traffic/predict responses.
- To maintain a connection, the attacker must adhere to protocol requirements.

IP Spoofing – how it works!!:
- IP spoofing used to take control of a session.
- Attacker normally within a LAN/on the communication path between server and client.
- Not blind, since the attacker can see traffic from both server and client.

IP Spoofing – The Reset:
Victim - Bob; Sucker - Alice; Attacker - Eve
1. SYN – Let's have a conversation
2. SYN ACK – Sure, what do you want to talk about?
3. RESET – Umm.. I have no idea why you are talking to me
4. No connection – Guess I need to take Bob out of the picture…

Example Of Spoofing Attacks:
- Mitnick Attack
- Session Hijack
- DoS Attack

Mitnick Attack:
- Merry X-mas! Mitnick hacks a diskless workstation on December 25th, 1994
- The victim – Tsutomu Shimomura
- The attack – IP spoofing and abuse of trust relationships between a diskless terminal and login server.

Mitnick Attack:
[Diagram: Server, Workstation, Kevin Mitnick]
1. Mitnick floods the server's login port so it can no longer respond
2. Mitnick probes the workstation to determine the behavior of its TCP sequence number generator
3. Mitnick discovers that the TCP sequence number is incremented by 128000 each new connection
4. Mitnick forges a SYN from the server to the terminal
5. Mitnick fakes the ACK using the proper TCP sequence number
6. Mitnick has now established a one-way communications channel

Why Mitnick Attack worked:
- Mitnick abused the trust relationship between the server and workstation
- He flooded the server to prevent communication between it and the workstation
- Used math skillz to determine the TCP sequence number algorithm (i.e. add 128000)
- This allowed Mitnick to open a connection without seeing the workstation's outgoing sequence numbers and without the server interrupting his attack

Session Hijack:
[Diagram: Alice, Bob, Eve; captions "I'm Bob!" and "I'm Alice!"]
1. Eve assumes a man-in-the-middle position through some mechanism. For example, Eve could use ARP poisoning, social engineering, router hacking etc.
2. Eve can monitor traffic between Alice and Bob without altering the packets or sequence numbers.
3. At any point, Eve can assume the identity of either Bob or Alice through the spoofed IP address.
   This breaks the pseudo connection, as Eve will start modifying the sequence numbers.

DoS Attack:
- Denial of Service (DoS) attack aimed at preventing clients from accessing a service.
- IP spoofing can be used to create DoS attacks.

DoS Attack:
[Diagram: Server, Attacker, Legitimate Users, Interweb. Labels: Fake IPs; Service Requests; Flood of Requests from Attacker; Server queue full, legitimate requests get dropped]

DoS Attack:
- The attacker spoofs a large number of requests from various IP addresses to fill the service's queue.
- With the service's queue filled, legitimate users cannot use the service.
- DoS becomes more dangerous if spread to multiple computers.

IP Spoofing – Defending:
IP spoofing can be defended against in a number of ways:
- As mentioned, other protocols in the architectural model may reveal spoofing.
  - TCP sequence numbers are often used in this manner
  - Makes it difficult to guess proper sequence numbers if the attacker is blind
- Filtering
  - "Smart" routers can detect IP addresses that are outside their domain, i.e. egress filtering
  - "Smart" servers can block IP ranges that appear to be conducting a DoS, i.e. ingress filtering

IP Spoofing – Defending:
- Encryption and Authentication
  - Authentication is a mechanism whereby the receiver of a transaction or message can be confident of the identity of the sender and the integrity of the message.
  - Use of encryption schemes.
  - Verification of identity of incoming packets.

Conclusion:
- IP spoofing is an old-school hacker trick that continues to evolve.
- Can be used for a wide variety of purposes.
- Will continue to represent a threat as long as each layer continues to trust each other and people are willing to subvert that trust.
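
The sequence-number defense on the "Defending" slide only holds if initial sequence numbers (ISNs) are unpredictable; the Mitnick slides describe a generator that added 128000 per connection. As an added example (not part of the original presentation), this Python check flags that fixed-increment pattern in ISNs sampled from a host you administer. The function names, thresholds and sample values are assumptions made for illustration.

```python
# Added example: audit sampled TCP initial sequence numbers (ISNs) for predictability.
# The sample values below are constructed for illustration.
from collections import Counter

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def isn_deltas(isns):
    """Differences between consecutive ISNs, taken modulo 2**32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def audit_isns(isns, min_samples=5, max_share=0.5):
    """Classify a host's ISN generator from ISNs of successive connections.

    Returns (verdict, step). 'predictable' means a single increment accounts
    for more than max_share of the deltas, so a sender who never sees the
    replies could still guess the next ISN.
    """
    if len(isns) < min_samples:
        return "insufficient-data", None
    deltas = isn_deltas(isns)
    step, count = Counter(deltas).most_common(1)[0]
    if count / len(deltas) > max_share:
        return "predictable", step
    return "no-fixed-increment", None


# Constructed sample 1: fixed step of 128000 per connection, crossing the 32-bit wrap.
FIXED_STEP = [(4294900000 + i * 128000) % MOD for i in range(8)]
# Constructed sample 2: values with no common increment.
RANDOMIZED = [0x3A91C2F0, 0xE10477B2, 0x0C5D9A11, 0x9F2203CD,
              0x51B8E660, 0xC7740F39, 0x2488D1A7, 0x7E03B95C]

if __name__ == "__main__":
    for name, sample in (("fixed-step", FIXED_STEP), ("randomized", RANDOMIZED)):
        print(name, audit_isns(sample))
```

A `no-fixed-increment` verdict only rules out the constant-step case; it is not proof that the generator is random.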
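
The filtering defense above comes down to checking a packet's source address against the prefixes that can legitimately appear on an interface. As an added example (not part of the original presentation), this Python sketch applies that check at a site border in both directions, which goes beyond the slide's wording by also rejecting outside packets that claim an internal source, the pattern behind the trust abuse in the Mitnick slides. The prefixes, direction names and sample packets are assumptions made for illustration.

```python
# Added example: source-address validation at a site border.
# All prefixes and packets here are constructed for illustration.
import ipaddress

# Documentation ranges standing in for the site's own address space (assumption).
SITE_PREFIXES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:10::/48")]
# Sources that should never arrive from outside: private, loopback, link-local, multicast/reserved.
NEVER_FROM_OUTSIDE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/3", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8")]


def _in_any(addr, networks):
    return any(addr.version == n.version and addr in n for n in networks)


def check_source(src, direction):
    """Return (allowed, reason) for a packet's source address at the border.

    direction is 'outbound' (leaving the site) or 'inbound' (arriving from outside).
    """
    if direction not in ("inbound", "outbound"):
        raise ValueError("direction must be 'inbound' or 'outbound'")
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False, "malformed source address"
    internal = _in_any(addr, SITE_PREFIXES)
    if direction == "outbound":
        # A host inside the site can only legitimately send from a site address.
        return (True, "site source") if internal else (False, "outbound: source not in site prefixes")
    if internal:
        # The trusted-host case: an outside packet claiming to come from an inside machine.
        return False, "inbound: claims internal source"
    if _in_any(addr, NEVER_FROM_OUTSIDE):
        return False, "inbound: reserved or private source"
    return True, "plausible external source"


# Constructed packets: (source address, direction).
SAMPLES = [("192.0.2.15", "outbound"), ("203.0.113.9", "outbound"),
           ("192.0.2.1", "inbound"), ("10.1.2.3", "inbound"), ("198.51.100.7", "inbound")]

if __name__ == "__main__":
    for src, direction in SAMPLES:
        print(f"{direction:8} {src:15} -> {check_source(src, direction)}")
```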