Scribd Logo
Upload

Welcome to Scribd!

  • IP Address Spoofing

    Uploaded by

    anon_555513071
    5 views2 pages

    Original Title

    IP address spoofing

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    5 views2 pages

    IP Address Spoofing

    Uploaded by

    anon_555513071

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    IP address spoofing?

    Computer networks communicate through the exchange of network data packets,


    each containing multiple headers used for routing and to ensure transmission
    continuity. One such header is the ‘Source IP Address’, which indicates the IP
    address of the packet’s sender.

    IP address spoofing is the act of falsifying the content in the Source IP header,
    usually with randomized numbers, either to mask the sender’s identity or to launch a
    reflected DDoS attack, as described below. IP spoofing is a default feature in most
    DDoS malware kits and attack scripts, making it a part of most network
    layer distributed denial of service DDoS attacks.

    Source routing attacks?


    Source routing is an example of a classical spoofing attack and it is a pretty old trick itself.
    The theory behind a source routing attack is the idea that you can specify the route a packet
    takes, rather than just letting it go through the routers. This way, because it did not travel
    through routers, but through the route of the attacker's choice, packets sent can have a
    spoofed address, and the spoofing attack is non-blind. What is meant by non-blind is that
    unlike Sequence Number Prediction attacks for example, you can actually receive packets
    back.

    Tiny fragment attacks?


    A Tiny Fragment attack is IP fragmentation that is the process of breaking up a single
    Internet Protocol (IP) datagram into multiple packets of smaller size. Every network link has
    a characteristic size of messages that may be transmitted, called the maximum transmission
    unit (MTU). If the data packet size is made small enough to force some of a TCP packet’s TCP
    header fields into the second data fragment, filter rules that specify patterns for those fields
    will not match. If the filtering implementation does not enforce a minimum fragment size, a
    disallowed packet might be passed because it didn’t hit a match in the filter. STD 5, RFC 791
    states that, “Every Internet module must be able to forward a datagram of 68 octets
    without further fragmentation.” This is because an Internet header may be up to 60 octets,
    and the minimum fragment is 8 octets. IP fragmentation exploits (attacks) use the
    fragmentation protocol within IP as an attack vector.

    You might also like