JNTUA COLLEGE OF ENGINEERING KALIKIRI-517234 Content Introduction What is IP Spoofing Why IP spoofing is easy How IP Spoofing Works IP Spoofing Usaging History Applications Spoofing Attacks Stopping IP spoofing attacks Advantages Disadvantages Future Scope Conclusion Introduction
IP Spoofing is one of the most common forms of on-
line camouflage.
IP Spoofing gains an unauthorized access over a
network. IP SPOOFING What is IP Spoofing
An IP (Internet Protocol) address is the address that
reveals the identity of your Internet service provider and your personal Internet connection.
IP Spoofing hides the IP address by creating IP packets
with bogus IP addresses. Why IP Spoofing Is easy
IP routing is hop by hop.
Routers look at destination addresses only.
Authentication based on Source addresses only.
How IP Spoofing Works
The Internet Protocol or IP is used for sending and receiving
data over the network.
Each packet of information that is sent is identified by the IP
address.
If you try to respond to the information, it will be sent to a
bogus IP address. Why IP Spoofing is Used
Hackers use IP spoofing so they do not get caught
spamming and to perpetrate denial of service attacks.
IP Spoofing eliminates the need to provide a user name
and password to log onto the network.
Brief History of IP Spoofing
The concept of IP spoofing was initially discussed in
academic circles in the 1980's.
In the April 1989 article entitled: “Security Problems
in the TCP/Protocol Suite”, author S. M Bellovin of AT & T Bell labs was among the first to identify IP spoofing as a real risk to computer networks. Applications of IP spoofing
Many other attacks rely on IP spoofing mechanism,
for example SMURF attack (also known as ICMP
flooding).
Denial of service (DoS) attacks uses IP Spoofing
mechanism. Spoofing Attacks Non-Blind Spoofing
Blind Spoofing
Man in the Middle Attack
Denial of Service Attack
Stopping IP Spoofing Attack
Packet filtering
Compression
Cryptography
Software to stop IP Spoofing
Advantages
Multiple Servers : Sometimes you want to change where
packets heading into your network will go.
Transparent Proxying : Sometimes you want to pretend that
each packet which passes through your Linux box is destined
for a program on the Linux box itself.
Disadvantages
Blind to Replies: A drawback to IP source address spoofing is
that reply packet will go back to the spoofed IP address rather
than to the attacker.
Serial attack platforms: However, the attacker can still maintain
anonymity by taking over a chain of attack hosts.
Conclusion
IP spoofing is less of a threat today due to the patches to the Unix
Operating system and the widespread use of random sequence
numbering.
Security professionals are predicting a shift from IP Spoofing to
application related spoofing.
References Internet Vulnerabilities Related to TCP/IP and T/TCP, ACM SIGCOMM, Computer Communication Review
Distributed System: Concepts and Design, Chapter 7, by Coulouris,
Dollimore, and Kindberg
An Algebraic Approach to IP Trace-back, ACM Transactions on
Information and System Security, Vol. 5, No. 2, May 2002
Network support for IP trace-back, IEEE/ACM Transactions on