Blog

IP Spoofing

IP SPOOFING:


"IP address spoofing" is a technique that involves replacing the IP address of an IP packet's sender with another machine's IP address.

IP spoofing refers to connection hijacking through a fake Internet Protocol (IP) address. IP spoofing is the action of masking a computer's IP address so that it looks like it is authentic.

  • IP Spoofing is a technique used to gain unauthorized access to computers.
    • IP: Internet Protocol
    • Spoofing: using somebody else's information
  • Exploits trust relationships.

Types of IP Address:

  1. IP is connectionless and unreliable
  2. TCP is connection-oriented


A Blind Attack:

Host I cannot see what Host V sends back.

IP SPOOFING STEPS:

  1. Select a target host (the victim).
  2. Identify a host that the target "trusts".
  3. Disable the trusted host and sample the target's TCP sequence numbers.
  4. Impersonate the trusted host and forge the ISN.
  5. Attempt a connection to a service that only requires address-based authentication.
  6. If successfully connected, execute a simple command to leave a back door.

IP Spoofing Attacks:

  • Man in the middle: packet sniffing on the link between the two end points, so the attacker can pretend to be one end of the connection.
  • Routing: redirects routing information from the original host to the attacker's host.
  • Flooding / Smurfing: the attacker redirects individual packets through the hacker's host.


Attacks:

Flooding: a SYN flood fills up the receive queue with connection requests from random (spoofed) source addresses.

Smurfing: an ICMP packet spoofed to originate from the victim is sent to the broadcast address, causing all hosts on the network to respond to the victim at once.

IP-Spoofing Facts:

  • The IP protocol is inherently weak
  • It makes no assumptions about sender/recipient
  • Nodes on the path do not check the sender's identity
  • There is no way to completely eliminate IP spoofing
  • One can only reduce the possibility of attack


Disable Ping Command:

  • The ping command is rarely needed
  • It can be used to trigger a DoS attack by flooding the victim with ICMP packets
  • This attack does not crash the victim, but it consumes network bandwidth and system resources
  • The victim fails to provide other services, and halts if it runs out of memory

FIREWALL:

  • Limit traffic to the services that are offered
  • Control access from within the network
  • Free software: ipchains, iptables
  • Commercial firewall software
  • Packet filters: a router with a firewall built in
  • Multiple layers of firewall
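The packet-filter defence above reduces spoofing by checking the source address of every packet against the interface it arrived on: a packet from the Internet must not claim an inside address, and a packet leaving the inside network must carry one of our own addresses. The following is an added example (not code from the original post) that models that ingress/egress filter in Python; the interface names, the inside network 192.168.10.0/24 and the sample packets are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology (assumption): a border router with an outside interface
# "eth0" and an inside interface "eth1" serving 192.168.10.0/24.
INSIDE_NETS = [ipaddress.ip_network("192.168.10.0/24")]
# Source blocks that must never arrive from the Internet: RFC 1918 private
# space, loopback and the "this network" block (bogons).
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "0.0.0.0/8")]

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on
    src: str     # source IP address as written in the IP header
    dst: str     # destination IP address

def _in_any(addr: str, nets) -> bool:
    a = ipaddress.ip_address(addr)
    return any(a in n for n in nets)

def filter_packet(pkt: Packet) -> str:
    """Return 'ACCEPT' or a 'DROP: <reason>' verdict for one packet."""
    src_inside = _in_any(pkt.src, INSIDE_NETS)
    if pkt.iface == "eth0":          # ingress filtering (from the Internet)
        if src_inside:
            return "DROP: ingress packet claims an inside source address"
        if _in_any(pkt.src, BOGON_NETS):
            return "DROP: ingress packet from unroutable (bogon) source"
        return "ACCEPT"
    if pkt.iface == "eth1":          # egress filtering (leaving our network)
        if not src_inside:
            return "DROP: egress packet with a source address not assigned to us"
        return "ACCEPT"
    return "DROP: unknown interface"

def filter_all(packets):
    return [(p.iface, p.src, filter_packet(p)) for p in packets]

SAMPLE = [  # constructed packets
    Packet("eth0", "203.0.113.7", "192.168.10.5"),   # legitimate inbound
    Packet("eth0", "192.168.10.9", "192.168.10.5"),  # spoofed inside address from outside
    Packet("eth0", "10.1.2.3", "192.168.10.5"),      # bogon source
    Packet("eth1", "192.168.10.5", "203.0.113.7"),   # legitimate outbound
    Packet("eth1", "198.51.100.1", "203.0.113.7"),   # outbound with a foreign source
]

if __name__ == "__main__":
    for iface, src, verdict in filter_all(SAMPLE):
        print(f"{iface} {src:>15} -> {verdict}")
```

Egress filtering stops our own hosts from being used as a source of spoofed traffic (the SYN-flood and smurf cases above), while ingress filtering blocks the inbound half; neither catches a spoofed source that is routable and lies outside our own ranges, which is why the page says spoofing can only be reduced, not eliminated.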