UNIVERSITY
IP SPOOFING
Student Name :
Student ID:
What is IP Spoofing?
IP spoofing is a technique used to gain unauthorized access to machines, whereby an attacker
illicitly impersonates another machine by manipulating IP packets. IP spoofing involves
modifying the packet header with a forged (spoofed) source IP address, a checksum, and the
order value. The Internet is a packet-switched network, so packets leaving one machine
may arrive at the destination machine in a different order. The receiving machine reassembles
the message based on the order value embedded in the IP header. IP spoofing involves solving
the algorithm that is used to select the order values sent, and modifying them correctly.
This process usually starts by identifying the target host and finding an IP address trusted by
that host, so that data packets can be sent which the host will see as originating from a trusted
IP address, although that is not the case.
Hackers use IP spoofing to perform activities that are malicious and illegal. Activities that
can be performed include denial-of-service and man-in-the-middle attacks. Hackers use these two
kinds of attack to cause drama or havoc over the Internet while hiding their
identity.
Let's look at possible attacks that can be launched with the help of IP spoofing.
Spoofing Attacks:
There are a few variations on the types of attacks that use IP spoofing.
1. Non-Blind Spoofing
This attack takes place when the attacker is on the same subnet as the target and can
see the sequence and acknowledgement numbers of packets.
This kind of spoofing is used to interfere with a connection that sends packets along the
attacker's own subnet.
2. Blind Spoofing
This attack may take place from outside, where sequence and acknowledgement numbers
are unreachable.
Attackers usually send several packets to the target machine in order to sample sequence
numbers, which was doable in the older days.
This kind of spoofing is used to interfere with a connection (or to create one) that does not
send packets along the attacker's cable.
SMURF Attack
The attacker sends an ICMP ping packet with a spoofed source IP address to a LAN, which
broadcasts it to all hosts on the LAN.
Each host sends a reply packet to the spoofed IP address, leading to denial of service.
While IP spoofing can’t be prevented, measures can be taken to stop spoofed packets from
infiltrating a network. A very common defense against spoofing is ingress filtering, outlined in
BCP38 (a Best Common Practice document). Ingress filtering is a form of packet filtering
usually implemented on a network edge device which examines incoming IP packets and looks
at their source headers. If the source headers on those packets don’t match their origin or they
otherwise look fishy, the packets are rejected. Some networks will also implement egress
filtering, which looks at IP packets exiting the network, ensuring that those packets have
legitimate source headers to prevent someone within the network from launching an outbound
malicious attack using IP spoofing.
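The ingress and egress checks described above can be sketched as follows. This is an added example, not part of the original report: the interface names, prefix assignments (taken from documentation address ranges) and the bogon list are assumptions, and the sample headers are constructed.

```python
import ipaddress
import struct

# Assumed topology: prefixes legitimately routed behind each customer-facing interface.
CUSTOMER_PREFIXES = {
    "cust-a": [ipaddress.ip_network("198.51.100.0/25")],
    "cust-b": [ipaddress.ip_network("198.51.100.128/25")],
}
# Assumed prefixes owned by this network, used for the egress check.
LOCAL_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]
# Sources that should never arrive from a neighbour (a short, non-exhaustive bogon list).
BOGONS = [ipaddress.ip_network(n) for n in
          ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

def source_of(packet: bytes) -> ipaddress.IPv4Address:
    """Read the source address (header bytes 12..15) from a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return ipaddress.IPv4Address(packet[12:16])

def ingress_verdict(interface: str, packet: bytes) -> str:
    """BCP38-style check: the source must belong to the prefixes behind this interface."""
    src = source_of(packet)
    if any(src in net for net in BOGONS):
        return "drop: bogon source"
    if not any(src in net for net in CUSTOMER_PREFIXES.get(interface, [])):
        return "drop: source not assigned to this interface"
    return "accept"

def egress_verdict(packet: bytes) -> str:
    """Egress check: packets leaving the network must carry one of our own sources."""
    src = source_of(packet)
    if not any(src in net for net in LOCAL_PREFIXES):
        return "drop: source is not ours"
    return "accept"

def make_header(src: str, dst: str) -> bytes:
    """Build a constructed 20-byte IPv4 header for the checks (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

if __name__ == "__main__":
    for iface, src in [("cust-a", "198.51.100.10"), ("cust-a", "198.51.100.200"),
                       ("cust-b", "127.0.0.1")]:
        print(iface, src, ingress_verdict(iface, make_header(src, "203.0.113.5")))
    print("egress 192.0.2.7", egress_verdict(make_header("192.0.2.7", "203.0.113.5")))
```

A production edge device makes the same decision in its forwarding path (for example with ACLs or reverse-path checks) rather than in application code.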
Conclusion
IP Spoofing is a problem without an easy solution, since it’s inherent to the design of the TCP/IP
suite. Understanding how and why spoofing attacks are used, combined with a few simple
prevention methods, can help protect your network from these malicious cloaking and cracking
techniques.