
WEB SPOOFING

This paper describes an Internet security attack that could endanger the privacy of World
Wide Web users and the integrity of their data. The attack can be carried out on today's systems,
endangering users of the most common Web browsers, including Netscape Navigator and
Microsoft Internet Explorer.

1.1 HISTORY

The concept of IP spoofing was initially discussed in academic circles in the 1980s. It
was primarily theoretical until Robert Morris, whose son wrote the first Internet Worm, discovered
a security weakness in the TCP protocol known as sequence prediction. Another infamous attack,
Kevin Mitnick's Christmas Day crack of Tsutomu Shimomura's machine, employed the IP
spoofing and TCP sequence prediction techniques. While the popularity of such cracks has
decreased due to the demise of the services they exploited, spoofing can still be used and needs
to be addressed by all security administrators.

1.2 WHAT IS SPOOFING?

Spoofing means pretending to be something you are not. In Internet terms it means
pretending to be a different Internet address from the one you really have in order to gain
something. That might be information like credit card numbers, passwords, personal information
or the ability to carry out actions using someone else’s identity.

An IP spoofing attack involves forging one's source address. It is the act of using one
machine to impersonate another. Most of the applications and tools on the web rely on source IP
address authentication. Many developers have used host-based access controls to secure
their networks. The source IP address is a unique identifier but not a reliable one. It can easily be
spoofed.
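The following added example (not part of the original paper) contrasts a host-based access control that trusts the claimed source address with a border check that rejects packets arriving from outside while claiming an inside address. The network ranges, the trusted host and the sample packets are constructed assumptions.

```python
import ipaddress

# Assumed (hypothetical) site layout: the internal network and the hosts
# that an address-based access control list trusts.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
TRUSTED_HOSTS = {ipaddress.ip_address("10.1.2.3")}

# Source ranges that should never appear on traffic from the Internet side.
NEVER_EXTERNAL = [
    INTERNAL_NET,
    ipaddress.ip_network("127.0.0.0/8"),  # loopback
    ipaddress.ip_network("0.0.0.0/8"),    # "this network"
    ipaddress.ip_network("224.0.0.0/4"),  # multicast used as a source
]

def acl_allows(src):
    """Host-based access control: trusts whatever source address is claimed."""
    return ipaddress.ip_address(src) in TRUSTED_HOSTS

def ingress_ok(interface, src):
    """Border check: external traffic must not claim an impossible source."""
    if interface != "external":
        return True
    addr = ipaddress.ip_address(src)
    return not any(addr in net for net in NEVER_EXTERNAL)

def decide(interface, src):
    """Apply the border check first, then the address-based ACL."""
    if not ingress_ok(interface, src):
        return "drop-spoofed"
    return "allow" if acl_allows(src) else "deny"

# Constructed sample packets: (arrival interface, claimed source address).
SAMPLE = [
    ("internal", "10.1.2.3"),      # genuine trusted host
    ("external", "10.1.2.3"),      # same address claimed from outside
    ("external", "198.51.100.7"),  # ordinary outside host
    ("internal", "10.9.9.9"),      # internal, but not on the ACL
]

if __name__ == "__main__":
    for iface, src in SAMPLE:
        print(f"{iface:8} {src:15} acl_only={acl_allows(src)!s:5} -> {decide(iface, src)}")
```

The ACL alone accepts the second sample packet because it sees only the claimed address. The border check catches it, but it covers only outside traffic claiming inside addresses, so it complements rather than replaces authentication that does not depend on the source address.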

Web spoofing allows an attacker to create a shadow copy of the entire World Wide Web.
Accesses to the shadow Web are funneled through the attacker's machine, allowing the attacker
to monitor all of the victim's activities, including any passwords or account numbers the victim
enters. The attacker can also cause false or misleading data to be sent to Web servers in the
victim's name, or to the victim in the name of any Web server. In short, the attacker observes and
controls everything the victim does on the Web.

The various types of spoofing techniques that we discuss include TCP Flooding, DNS
Server Spoofing Attempts, web site names, email IDs and link redirection, and remedies to the
above.
