
IP SPOOFING-ATTACKS AND DEFENCES

Presented By : Rajat Gupta Registration No : 100919021

Table Of Contents
Introduction: spoofing
Types of spoofing
Steps of IP spoofing
History of IP spoofing
Attacks and their types
Defenses
Applications of IP Spoofing
Conclusion
References

What is an IP Address?

An Internet Protocol address (or IP address) is a unique address that computing devices use to identify themselves and communicate with other devices in an Internet Protocol network. Any device connected to the IP network must have a unique IP address within its network. An IP address is a fascinating product of modern computer technology designed to allow one computer (or other digital device) to communicate with another via the Internet. The format of an IP address is a 32-bit numeric address written as four numbers separated by periods. Each number can be zero to 255. For example, 1.160.10.240 could be an IP address.

What is Spoofing?

Spoofing: This is typically done by hiding one's identity or faking the identity of another user on the Internet. Sometimes on the internet, a girl named Alice is really a man named Yves. Spoofing is the creation of TCP/IP packets using somebody else's IP address. Routers use the "destination IP" address in order to forward packets through the Internet, but ignore the "source IP" address. That address is only used by the destination machine when it responds back to the source.

TYPES OF SPOOFING
IP spoofing: Attacker uses the IP address of another computer to acquire information or gain access.
Email spoofing: Attacker sends email but makes it appear to come from someone else.
Web spoofing: Attacker tricks the web browser into communicating with a different web server than the user intended.

IP SPOOFING-Introduction
IP spoofing is a technique used to gain unauthorized access to computers, whereby the attacker sends messages to a computer with a forged IP address indicating that the message is coming from a trusted host. When an attacker spoofs someone's IP address, the victim's reply goes back to that address.

Example of IP Spoofing

Figure depicting spoofing of an IP address

HISTORY OF IP SPOOFING

The concept of IP spoofing was initially discussed in academic circles in the 1980s. In the April 1989 article entitled "Security Problems in the TCP/IP Protocol Suite", author S. M. Bellovin of AT&T Bell Labs was among the first to identify IP spoofing as a real risk to computer networks. Bellovin describes how Robert Morris, creator of the now infamous Internet Worm, figured out how TCP created

Why IP Spoofing is easy?


The problem lies with the routers.
Routers look at destination addresses only.
Authentication is based on source addresses only.
Changing the source address field in the IP header is easy.

IP Spoofing Steps
Select a target host (the victim).
Identify a host that the target trusts.
Disable the trusted host and sample the target's TCP sequence.
The trusted host is impersonated and the ISN forged.
Attempt a connection to a service that only requires address-based authentication.
If successfully connected, execute a simple command to leave a backdoor.

IP Spoofing Attacks
Blind IP spoofing
Man in the middle attack
Source routing
ICMP attacks
UDP attacks
TCP attacks

BLIND IP SPOOFING

Usually the attacker does not have access to the reply and abuses the trust relationship between hosts. For example: Host C sends an IP packet with the address of some other host (Host A) as the source address to Host B. The attacked host (B) replies to the legitimate host (A).

Blind IP spoofing

Man in the middle attack


If an attacker controls a gateway that is in the delivery route, he can:
Sniff the traffic
Intercept the traffic
Modify the traffic
This is not easy on the Internet because of hop-by-hop routing, unless source routing is used.

MAN IN THE MIDDLE ATTACKS

Source routing
Source routing is a technique whereby the sender of a packet can specify the route that a packet should take through the network. Remember that as a packet travels through the network, each router will examine the "destination IP address" and choose the next hop to forward the packet to. In source routing, the "source" (i.e. the sender) makes some or all of these decisions.

Types of source routing:


Loose source routing (LSR): The sender specifies a list of some IP addresses that a packet must go through (it might go through more).
Strict source routing (SSR): The sender specifies the exact path a packet must take (if it is not possible, the packet is dropped).

ICMP Echo Attacks


Map the hosts of a network: The attacker sends an ICMP echo datagram to all the hosts in a subnet, then collects the replies and determines which hosts are alive.
Denial of service attack (SMURF attack): The attacker sends spoofed (with the victim's IP address) ICMP Echo Requests to subnets; the victim will get ICMP Echo Replies from every machine.

Smurf attack

ICMP Redirect attacks


ICMP redirect messages can be used to re-route traffic on specific routes or to a specific host that is not a router at all. The ICMP redirect attack is very simple: just send a spoofed ICMP redirect message that appears to come from the host's default gateway.

After ICMP redirect attack

UDP attacks
UDP is a connectionless protocol. There is no error checking or guaranteed delivery. UDP packets are very simple and are mainly used for low-overhead protocols. TCP is connection oriented and the TCP connection setup sequence number is hard to predict. UDP traffic is more vulnerable to IP spoofing than TCP.

TCP Attacks
The attack aims at impersonating another host, mostly during the TCP connection establishment phase. To spoof a TCP connection, the hacker needs to know via which algorithm the server generates its initial sequence number. The hacker needs this to supply the correct number in its final ACK message confirming the connection and in all subsequent data packets.

IP Spoofing defences

Don't rely on IP-based authentication.

Use router filters to prevent packets from entering your network if they have a source address from inside it.

Use router filters to prevent packets from leaving your network if they have a source address from outside it.
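The two router filter rules above can be written as one decision function keyed on the direction a packet is travelling. This is an added example, not part of the original presentation; the prefixes, addresses and function names are constructed for illustration, with documentation ranges standing in for "your network".

```python
import ipaddress
from collections import Counter

# Constructed prefixes standing in for "your network" (documentation ranges).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def filter_decision(direction: str, src: str) -> str:
    """direction is 'inbound' (arriving from outside) or 'outbound' (leaving)."""
    if direction not in ("inbound", "outbound"):
        raise ValueError("direction must be 'inbound' or 'outbound'")
    try:
        inside = is_internal(src)
    except ValueError:
        return "drop"                 # unparsable source address
    if direction == "inbound" and inside:
        return "drop"                 # outside packet claims an inside source
    if direction == "outbound" and not inside:
        return "drop"                 # inside host is using a foreign source
    return "accept"

# Constructed (direction, source address) records for illustration.
SAMPLE_PACKETS = [
    ("inbound", "203.0.113.9"),       # genuine outside source
    ("inbound", "192.0.2.7"),         # spoofed: inside address arriving from outside
    ("outbound", "198.51.100.20"),    # genuine inside source
    ("outbound", "198.51.100.200"),   # outside the /25, so not ours
    ("outbound", "203.0.113.50"),     # spoofed: foreign source leaving the network
]

def summarize(packets):
    """Count decisions per direction so the effect of each rule is visible."""
    return Counter((d, filter_decision(d, s)) for d, s in packets)

if __name__ == "__main__":
    for d, s in SAMPLE_PACKETS:
        print(f"{d:8} {s:15} -> {filter_decision(d, s)}")
    print(dict(summarize(SAMPLE_PACKETS)))
```

The fourth sample shows why the prefix list has to match the allocated ranges exactly: an address just outside the /25 is treated as foreign and dropped on the way out.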

Applications of IP Spoofing

Denial of Service Attacks: In such attacks, the goal is to flood the victim with overwhelming amounts of traffic, and the attacker does not care about receiving responses to the attack packets. Packets with spoofed addresses are thus suitable for such attacks. They have additional advantages for this purpose: they are more difficult to filter since each spoofed packet appears to come from a different address, and they hide the true source of the attack.

Authentication based on IP Address: This type of attack is most effective where trust relationships exist between machines. By spoofing a connection from a trusted machine, an attacker may be able to

CONCLUSION

IP spoofing attacks are unavoidable.

Understanding how and why spoofing attacks are used, combined with a few simple prevention methods, can help protect your network from these malicious cloaking and cracking techniques. Many security experts are predicting a shift from IP spoofing attacks to application-related spoofing.

References
IP Spoofing by Christoph Hofer and Rafael Wampfler
A Comprehensive Analysis of Spoofing by P. Ramesh Babu, D. Lalitha Bhaskari and CH. Satyanarayana
Website: en.wikipedia.org/wiki/IP_address_spoofing
