Friday, 10th February 2012

-: IP Spoofing :-

The term IP (Internet Protocol) address spoofing refers to the creation of IP packets
with a forged (spoofed) source IP address with the purpose of concealing the identity of
the sender or impersonating another computing system.

Why it works?
IP spoofing works because trusted services rely only on network-address-based
authentication. Since IP is easily duped, address forgery is not difficult.
The main reason is a security weakness in the TCP protocol known as sequence number
prediction.
How it works?
To completely understand how IP spoofing can take place, one must examine the
structure of the TCP/IP protocol suite. A basic understanding of these headers and
network exchanges is crucial to the process.
Internet Protocol (IP) :
IP is the network protocol operating at layer 3 (network) of the OSI model and is used
to route packets on a network. It is connectionless, meaning it keeps no information
regarding transaction state. Additionally, there is no method in place to
ensure that a packet is properly delivered to the destination.

Examining the IP header, we can see that the first 12 bytes (or the top 3 rows of the
header) contain various information about the packet. The next 8 bytes (the next 2
rows), however, contain the source and destination IP addresses. Using one of several
tools, an attacker can easily modify these addresses, specifically the source address
field.
Transmission Control Protocol (TCP) :
It is the connection-oriented, reliable transport protocol in the TCP/IP suite.
Connection-oriented simply means that the two hosts participating in a discussion must
first establish a connection via the 3-way handshake (SYN-SYN/ACK-ACK). Reliability
is provided by data sequencing and acknowledgement. TCP assigns sequence numbers
to every segment and acknowledges any and all data segments received from the other
end.

converted by Web2PDFConvert.com

As you can see above, the first 12 bytes of the TCP packet contain port and
sequencing information.
TCP sequence numbers can simply be thought of as 32-bit counters. They range from 0
to 4,294,967,295. Every byte of data exchanged across a TCP connection (along with
certain flags) is sequenced. The sequence number field in the TCP header will contain
the sequence number of the *first* byte of data in the TCP segment. The
acknowledgement number field in the TCP header holds the value of the next *expected*
sequence number, and also acknowledges *all* data up through this ACK number minus
one.
TCP packets can be manipulated using several packet-crafting software tools available on
the internet.
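The header layout and sequence arithmetic described above, as an added example that is not part of the original article: a small parser that reads the source and destination addresses from bytes 12-19 of the IPv4 header and the ports, sequence and acknowledgement numbers from the first 12 bytes of the TCP header, then computes the acknowledgement number the receiver should send back. The sample packets, addresses and ports are constructed for illustration, and checksums are not validated.

```python
import ipaddress
import struct

SYN, FIN = 0x02, 0x01

def parse_ipv4_tcp(packet: bytes) -> dict:
    """Pull out the IPv4/TCP fields the article describes (no checksum validation)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4                 # IP header length; >20 with options
    if packet[9] != 6 or len(packet) < ihl + 20:
        raise ValueError("not a complete TCP segment")
    total_len = struct.unpack("!H", packet[2:4])[0]
    # Bytes 12-19 of the IP header: source and destination addresses.
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    # First 12 bytes of the TCP header: ports, sequence and acknowledgement numbers.
    sport, dport, seq, ack = struct.unpack("!HHII", packet[ihl:ihl + 12])
    off_flags = struct.unpack("!H", packet[ihl + 12:ihl + 14])[0]
    data_len = total_len - ihl - (off_flags >> 12) * 4
    if data_len < 0:
        raise ValueError("inconsistent length fields")
    flags = off_flags & 0x3F
    # SYN and FIN each consume one sequence number; the counter wraps at 2**32.
    consumed = data_len + bool(flags & SYN) + bool(flags & FIN)
    return {"src": str(src), "dst": str(dst), "sport": sport, "dport": dport,
            "seq": seq, "ack": ack, "flags": flags,
            "next_expected_ack": (seq + consumed) % 2**32}

def build_sample(seq: int, flags: int, payload: bytes = b"") -> bytes:
    """Constructed sample packet (documentation addresses, checksums left at 0)."""
    tcp = struct.pack("!HHIIHHHH", 40000, 80, seq, 0, (5 << 12) | flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, ipaddress.IPv4Address("192.0.2.10").packed,
                     ipaddress.IPv4Address("198.51.100.20").packed)
    return ip + tcp + payload

if __name__ == "__main__":
    print(parse_ipv4_tcp(build_sample(0xFFFFFFFF, SYN)))       # SYN at the top of the range
    print(parse_ipv4_tcp(build_sample(1000, 0x18, b"hello")))  # PSH|ACK with 5 data bytes
```

Nothing in the parsed fields proves where the packet came from: the source address is just four bytes the sender wrote, which is why the sequence number is the only obstacle the article's attack has to overcome.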
The Attack
IP spoofing consists of several steps. First, the target host is chosen. Next, a pattern of
trust is discovered, along with a trusted host. The trusted host is then disabled, and the
target's TCP sequence numbers are sampled. The trusted host is impersonated, the
sequence numbers guessed, and a connection attempt is made to a service that only
requires address-based authentication. If successful, the attacker executes a simple
command to leave a backdoor.
Spoofing can be implemented in different ways, as given below:
Non-Blind Spoofing :- This type of attack takes place when the attacker is on the
same subnet as the victim. The sequence and acknowledgement numbers can be
sniffed, eliminating the potential difficulty of calculating them accurately.
Blind Spoofing :- Here the sequence and acknowledgement numbers are
unreachable. In order to circumvent this, several packets are sent to the target
machine in order to sample sequence numbers.

Both types of spoofing are forms of a common security violation known as a Man In The
Middle Attack. In these attacks, a malicious party intercepts a legitimate
communication between two friendly parties. The malicious host then controls the flow
of communication and can eliminate or alter the information sent by one of the original
participants without the knowledge of either the original sender or the recipient. In this
way, an attacker can fool a victim into disclosing confidential information by spoofing
the identity of the original sender, who is presumably trusted by the recipient.
IP spoofing is almost always used in what is currently one of the most difficult attacks to
defend against: Denial of Service attacks, or DoS.
CounterMeasures
1) Filtering at the Router :- Implementing ingress and egress filtering on your
border routers is a great place to start your spoofing defense. You will need to
implement an ACL (access control list)
2) Encryption and Authentication :- Implementing encryption and
authentication will also reduce spoofing threats. Both of these features are included in
IPv6, which will eliminate current spoofing threats.
3) Initial Sequence Number Randomizing.
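The decision an ingress/egress ACL from countermeasure 1 makes at a border router, as an added example that is not part of the original article. The internal prefix, the list of non-routable source ranges and the sample traffic are assumptions constructed for illustration; a real deployment would express the same rules in the router's own ACL syntax.

```python
import ipaddress

# Assumption: the site's only internal prefix (a documentation range, constructed).
INTERNAL = [ipaddress.ip_network("203.0.113.0/24")]
# Sources that must never arrive from outside: unspecified, private, loopback,
# link-local, and multicast/reserved space.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

def in_any(addr, networks):
    return any(addr in net for net in networks)

def check(direction: str, src: str):
    """Return (action, reason) for a packet crossing the border router."""
    addr = ipaddress.ip_address(src)
    if direction == "ingress":            # arriving from the Internet
        if in_any(addr, INTERNAL):
            return ("deny", "internal source address arriving from outside")
        if in_any(addr, BOGONS):
            return ("deny", "non-routable source address")
        return ("permit", "plausible external source")
    if direction == "egress":             # leaving toward the Internet
        if in_any(addr, INTERNAL):
            return ("permit", "source belongs to our prefix")
        return ("deny", "source address is not ours")
    raise ValueError(f"unknown direction: {direction!r}")

# Constructed sample traffic: (direction, source address).
SAMPLE = [("ingress", "198.51.100.7"), ("ingress", "203.0.113.5"),
          ("ingress", "10.1.2.3"), ("egress", "203.0.113.9"),
          ("egress", "198.51.100.7")]

def denied(packets):
    """List the packets the filter would drop, with the reason."""
    return [(d, s, check(d, s)[1]) for d, s in packets if check(d, s)[0] == "deny"]

if __name__ == "__main__":
    for row in denied(SAMPLE):
        print(row)
```

The ingress rule stops outsiders from claiming to be one of your trusted hosts; the egress rule stops your own network from being a source of spoofed traffic aimed at others.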

2011 Insecure Lab, India
