IP Spoofing
In Official Blog, Tech-BLOG, Tech-Forum, TechnicalIP SPOOFING:
“IP address spoofing” is a technique that involves replacing the IP address of an IP packet’s sender with another machine’s IP address.
IP spoofing refers to connection hijacking through a fake Internet Protocol (IP) address. IP spoofing is the action of masking a computer IP address,so that it looks like it is authentic.
- IP Spoofing is a technique used to gain unauthorized access to computers.
- `IP: Internet Protocol
- `Spoofing: using somebody else’s information
- Exploits the trust relationships.
Types of IP Address:
- IP is connectionless, unreliable
- TCP connection-oriented
A Blind Attack:
Host I can not see what Host V send back
IP SPOOFING STEPS:
- Selecting a target host (the victim)
- Identify a host that the target “trust”
- Disable the trusted host, sampled the target’s TCP sequence
- The trusted host is impersonated and the ISN forged.
- Connection attempt to a service that only requires address-based authentication.
- If successfully connected, executes a simple command to leave a back-door.
IP Spoofing Attacks:
- Man in the middle-Packet sniffs on link between the two end points, and therefore can pretend to be one end of the connection.
- Routing-redirects routing information from the original host to the attacker’s host.
- Flooding / Smurfing-The attacker redirects individual packets by the hacker’s host.
Attacks:
Flooding: SYN flood fills up the receive queue from random source addresses.
Smurfing: ICMP packet spoofed to originate from the victim, destined for the broadcast address, causing all hosts on the network to respond to the victim at once.
IP-Spoofing Facts:
- IP protocol is inherently weak
- Makes no assumption about sender/recipient
- Nodes on path do not check sender’s identity
- There is no way to completely eliminate IP spoofing
- Can only reduce the possibility of attack
Disable Ping Command:
- ping command has rare use
- Can be used to trigger a DOS attack by flooding the victim with ICMP packets
- This attack does not crash victim, but consume network bandwidth and system resources
- Victim fails to provide other services, and halts if runs out of memory
FIREWALL:
- Limit traffic to services that are offered
- Control access from within the network
- Free software: ipchains, iptables
- Commercial firewall software
- Packet filters: router with firewall built-in
- Multiple layer of firewall