The term IP (Internet Protocol) address spoofing refers to the creation of IP packets with a forged (spoofed) source IP address with the purpose of concealing the identity of the sender or impersonating another computing system. Why it works ? IP-Spoofing works because trusted services only rely on network address based authentication. Since IP is easily duped, address forgery is not difficult. The main reason is security weakness in the TCP protocol known as sequence number prediction. How it works ? To completely understand how ip spoofing can take place, one must examine the structure of the TCP/IP protocol suite. A basic understanding of these headers and network exchanges is crucial to the process. Internet Protocol (IP) : It is a network protocol operating at layer 3 (network) of the OSI model. It is a connectionless model, meaning there is no information regarding transaction state, which is used to route packets on a network. Additionally, there is no method in place to ensure that a packet is properly delivered to the destination. Examining the IP header, we can see that the first 12 bytes (or the top 3 rows of the header) contain various information about the packet. The next 8 bytes (the next 2 rows), however, contains the source and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses – specifically the “source address” field. Transmission Control Protocol (TCP) : It is the connection-oriented, reliable transport protocol in the TCP/IP suite. Connection-oriented simply means that the two hosts participating in a discussion must first establish a connection via the 3-way handshake (SYN-SYN/ACK-ACK). Reliability is provided by data sequencing and acknowledgement. TCP assigns sequence numbers to every segment and acknowledges any and all data segments recieved from the other end. As you can see above, the first 12 bytes of the TCP packet, which contain port and sequencing information. TCP sequence numbers can simply be thought of as 32-bit counters. They range from 0 to 4,294,967,295. Every byte of data exchanged across a TCP connection (along with certain flags) is sequenced. The sequence number field in the TCP header will contain the sequence number of the *first* byte of data in the TCP segment. The acknowledgement number field in the TCP header holds the value of next *expected* sequence number, and also acknowledges *all* data up through this ACK number minus one. TCP packets can be manipulated using several packet crafting softwares available on the internet. The Attack IP-spoofing consists of several steps. First, the target host is choosen. Next, a pattern of trust is discovered, along with a trusted host. The trusted host is then disabled, and the target's TCP sequence numbers are sampled. The trusted host is impersonated, the sequence numbers guessed, and a connection attempt is made to a service that only requires address-based authentication. If successful, the attacker executes a simple command to leave a backdoor. Spoofing can be implemented by different ways as given below - Non-Blind Spoofing :- This type of attack takes place when the attacker is on the same subnet as the victim. The sequence and acknowledgement numbers can be sniffed, eliminating the potential difficulty of calculating them accurately. Blind Spoofing :- Here the sequence and acknowledgement numbers are unreachable. In order to circumvent this, several packets are sent to the target machine in order to sample sequence numbers. Both types of spoofing are forms of a common security violation known as a Man In The Middle Attack. In these attacks, a malicious party intercepts a legitimate communication between two friendly parties. The malicious host then controls the flow of communication and can eliminate or alter the information sent by one of the original participants without the knowledge of either the original sender or the recipient. In this way, an attacker can fool a victim into disclosing confidential information by “spoofing” the identity of the original sender, who is presumably trusted by the recipient. IP spoofing is almost always used in what is currently one of the most difficult attacks to defend against – Denial of Service attacks, or DoS.
2) Encryption and Authentication :- Implementing encryption and authentication will also reduce spoofing threats. Both of these features are included in Ipv6, which will eliminate current spoofing threats. 3) Initial Sequence Number Randomizing. |
11:11 AM |
Posted in
IP,
Regards www.insecure.in
��
Comments
Facebook Badge
About Me
- Ranju
- There is one question that evry one has asked themselves at some point of their life & "ho am I...?" I am neither Einstien nor Newton. Neither Brad pitt nor Arnold. Neither sachin nor ricky ponting. Niether vishwanathan nor mike. Neither Binladen nor dawood. Neither jiddane nor ronaldo.......... I am wat I am,A jack of all traits... Hey dont underestimate me by thinking tat I am master in none.... You can e-mail your requests to ranju.m.nair@gmail.com or can comment on posts . Please e-mail me if you know any tips and tricks or stuff like that I will post it with your name in my blog. Thank you for Your Support...
Labels
- Airtel Hack (1)
- Airtel Hack for Free GPRS (1)
- Airtel Hack using Teashark Browser (1)
- Complete Hacking Tools Kit (1)
- Cracking GMail (1)
- EMail Hacking (1)
- flood mail (1)
- Free Mobile Gprs (2)
- Google Hack (1)
- GPRS (1)
- INTERVIEW QUESTIONS (1)
- IP (2)
- Memory card Hacks (1)
- Mobile GPRS Hacks (5)
- Mobile Hacks (1)
- Open Source (GPL) (1)
- Premium Accounts (1)
- Rapidshare (1)
- Regards www.insecure.in (8)
- remove sensitive data from your hard drive (1)
- Sitemeter (1)
- Study Guide (1)
- URL Tricks (1)
- Viruses (1)
- Vista (2)
- Wifi (1)
- Window (1)
- Windows Hack (8)
- Windows Password Cracker (1)
Blog Archive
-
▼
2009
(33)
-
▼
April
(31)
- Cracking GMail Account Password
- Password Hacking
- E-Mail Hacking
- EMail Forging
- EMail Hacking
- Computer Viruses
- Disable Windows-XP Boot Logo
- Shutdown Windows-XP Faster
- Faster startup of Windows XP
- Reduce 10 second scandisk wait time
- Remove shortcut arrow
- Change owner and organization in System Properties
- Windows Genuine Hack
- flood mail of your contacts
- Net Tools 5.0 (Complete Hacking Tools Kit)
- Ophcrack - Windows Password Cracker
- Nikto 2.03
- Eraser
- Sitemeter Hack - Hide Visual Tracker (Counter)
- Access Free Airtel GPRS Using TeaShark Browser
- Airtel Hack for Free Internet Access
- View Web Cam Online - (Google Hack)
- Premium Accounts { 16 Download Sites }
- Latest (2008 Dec) Airtel Hack
- Hacking Free Wifi With URL Tricks
- Vodafone Hack For Free GPRS
- Vodafone Hack For Free GPRS
- Packet Header Analysis
- IP Address
- IP Spoofing
- Rapidshare Hack
-
▼
April
(31)
0 responses to "IP Spoofing"