Premium Essay

Ip Spoof


Submitted By nisha211
Words 14721
Pages 59
On the State of IP Spoofing Defense
TOBY EHRENKRANZ and JUN LI University of Oregon


IP source address spoofing has plagued the Internet for many years. Attackers spoof source addresses to mount attacks and redirect blame. Researchers have proposed many mechanisms to defend against spoofing, with varying levels of success. With the defense mechanisms available today, where do we stand? How do the various defense mechanisms compare? This article first looks into the current state of IP spoofing, then thoroughly surveys the current state of IP spoofing defense. It evaluates data from the Spoofer Project, and describes and analyzes host-based defense methods, router-based defense methods, and their combinations. It further analyzes what obstacles stand in the way of deploying those modern solutions and what areas require further research.

Categories and Subject Descriptors: C.2.0 [Computer-Communication Networks]: General—Security and protection

General Terms: Performance, Security

Additional Key Words and Phrases: IP spoofing, spoofing defense, spoofing packet, packet filtering

ACM Reference Format: Ehrenkranz, T. and Li, J. 2009. On the state of IP spoofing defense. ACM Trans. Internet Technol. 9, 2, Article 6 (May 2009), 29 pages. DOI = 10.1145/1516539.1516541 http://doi.acm.org/10.1145/1516539.1516541

1. INTRODUCTION

In today’s Internet, attackers can forge the source address of IP packets to both maintain their anonymity and redirect the blame for attacks. When attackers inject packets with spoofed source addresses into the Internet, routers forward those packets to their destination just like any other packet—often without checking the validity of the packets’ source addresses. These spoofing packets¹ consume network bandwidth en route to their destinations, and are often part of some malicious activity, such as a DDoS attack. Unfortunately, routers on

¹ In

Similar Documents

Premium Essay

Ip Spoofing

...IP Spoofing. Cisco Systems, The Internet Protocol Journal, Volume 10, No. 4, December 2007.

Layers above IP use the source address in an incoming packet to identify the sender. To communicate with the sender, the receiving station sends a reply by using the source address in the datagram. Because IP makes no effort to validate whether the source address in the packet generated by a node is actually the source address of the node, you can spoof the source address and the receiver will think the packet is coming from that spoofed address. Many programs for preparing spoofed IP datagrams are available for free on the Internet; for example, hping lets you prepare spoofed IP datagrams with just a one-line command, and you can send them to almost anybody in the world. You can spoof at various network layers; for example, you can use Address Resolution Protocol (ARP) spoofing to divert the traffic intended for one station to someone else. The Simple Mail Transfer Protocol (SMTP) is also a target for spoofing; because SMTP does not verify the sender's address, you can send any e-mail to anybody pretending to be someone else. This article focuses on the various types of attacks that involve IP spoofing on networks...

Words: 3181 - Pages: 13

Premium Essay

Ip Spoffing

...IP Spoofing by Farha Ali, Lander University

The Internet Protocol, or IP, is the main protocol used to route information across the Internet. The role of IP is to provide best-effort services for the delivery of information to its destination. IP depends on upper-level TCP/IP suite layers to provide accountability and reliability. The heart of IP is the IP datagram, a packet sent over the Internet in a connectionless manner. An IP datagram carries enough information about the network to get forwarded to its destination; it consists of a header followed by bytes of data. The header contains information about the type of IP datagram, how long the datagram should stay on the network (or how many hops it should be forwarded to), special flags indicating any special purpose the datagram is supposed to serve, the destination and source addresses, and several other fields, as shown in Figure 1.

Figure 1: The IP Header

Layers above IP use the source address in an incoming packet to identify the sender. To communicate with the sender, the receiving station sends a reply by using the source address in the datagram. Because IP makes no effort to validate whether the source address in the packet generated by a node is actually the source address of the node, you can spoof the source address and the receiver will think the packet is coming from that spoofed address. Many programs for preparing spoofed IP datagrams are available for free on the Internet; for example, hping lets...

Words: 3368 - Pages: 14

Premium Essay

Cisco Routers

...8 steps to protect your Cisco router

Daniel B. Cid daniel@underlinux.com.br

Network security is a completely changing area; new devices like IDS (Intrusion Detection Systems), IPS (Intrusion Prevention Systems), and honeypots are modifying the way people think about security. Companies are spending thousands of dollars on new security devices, but forgetting the basics: the first line of defense, the border router. Although a lot of people may think that routers don’t need to be protected, they are completely wrong. A lot of security problems appear all the time against this kind of device, and most of them are vulnerable. Some information about common security problems found on Cisco routers can be read in the text “Exploiting Cisco Routers”, available at: http://www.securityfocus.com/infocus/1734

In this article I will give you 8 easy-to-follow steps to minimize your Cisco router exposure by turning off some unused services, applying some access control, and applying some security options available on it.

1- Control access to your router;
2- Restrict telnet access to it;
3- Block spoofed/malicious packets;
4- Restrict SNMP;
5- Encrypt all passwords;
6- Disable all unused services;
7- Add some security options;
8- Log everything;

1- Control Access to your router

The first thing to do is apply some rules to restrict all external access to some ports of the router. You can block all ports, but it is not always necessary. The commands below will protect your router against some reconnaissance...

Words: 1100 - Pages: 5

Premium Essay

Hijacking

...Describe different types of session hijacking. Also research session hijacking on the internet and see if you can find a case where session hijacking was successfully used to perform an attack against a system. Include references in your answer.

Network-Level Hijacking – is the interception of packets during the transmission between client and server in a TCP/UDP session. Attacks on network-level sessions provide the attacker with critical information to attack application-level sessions.

TCP/IP Hijacking – spoofs packets to take over a connection between a victim and a target machine. The hacker is able to communicate with the host’s machine as if the attacker is the victim when the connection hangs. One-time passwords can be easily attacked through this technique.

IP Spoofing – allows attackers to create their own acceptable packets to insert in the TCP session. The attacker spoofs the trusted host’s IP. Then, the hijacker alters the sequence number and acknowledgment number the server expects. Forged packets are injected into the TCP session before the client can respond.

Example: This is not really a system, but session hijacking of Facebook accounts is very popular. I found hundreds of videos showing how to hijack an account. Basically, all you need is a computer with an internet browser, Wireshark (Network Protocol Analyzer), a cookie injector, and a Wi-Fi connection. Once you’re able to find their Facebook session, you then use the cookie injector. Bang, you’re...

Words: 410 - Pages: 2

Premium Essay

Ip Address

...connection
* Device needed: PC, laptop, or cellphone with a built-in wireless card that can serve as a wireless hotspot
* Another would be via a USB dongle with a SIM card capable of a GSM connection like 3G or LTE
* devised on sunglasses or reading glasses with voice command
* internet access that can be seen in your peripheral vision and can be accessed through brain waves; you just need some implant in the brain
* "IMT-Advanced", which has a theoretical max speed of 1 Gbit/second

2. What is an IP address?
* IP address - a unique identifier assigned to your PC in a network connection
* An Internet Protocol address is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication. Source: Wikipedia

a. How do you know your computer’s IP address?
* command prompt, then ipconfig
* if you have a virtual network computing (VNC) icon, you can hover over it to see your IP address

b. How do you know you are behind a firewall?
* if you cannot access sites like Facebook and Twitter in a certain location like the office but you can do...

Words: 957 - Pages: 4

Premium Essay

Company Security

...For our security we have the firewalls set up using both the firewall installed in Windows and the one on the router. We will set the firewall up to be stateful so that data can still come in and out of the network, but this way the firewall will basically make a copy of the outgoing traffic's source IP numbers, and when that source tries to send info back to the network it will recognize it and let it back in. If a hacker tries to spoof the firewall, then it will recognize that there is a discrepancy with the numbers and will not let the hacker through. We have installed AVG virus protection on all the machines and set it up to update at some point during the downtime of the company so that the definitions are always up to date and protecting the computers. We can also set up access lists for the network and choose what port numbers and even have it examine packet contents from what is coming in and out of the network. This is usually placed on the network's Internet connection but is only a very basic line of protection for the network and probably less secure. The problem with this is there is no history of data traffic and it is not stateful. One more thing that was done is all accounts are set up with passwords, and those passwords have guidelines such as they must be 8 or more characters long and use a combo of letters, numbers, and special characters. There is a limit on login attempts and the password is set to be changed after a certain amount of...

Words: 280 - Pages: 2

Premium Essay

Romeo and Juliet

...represents a human-readable explanation or request (e.g. ).[1] An ongoing transfer of file data over the data connection can be aborted using an interrupt message sent over the control connection. Illustration of starting a passive connection using port 21 FTP may run in active or passive mode, which determines how the data connection is established.[6] In active mode, the client creates a TCP control connection to the server and sends the server the client's IP address and an arbitrary client port number, and then waits until the server initiates the data connection over TCP to that client IP address and client port number.[7] In situations where the client is behind a firewall and unable to accept incoming TCP connections, passive mode may be used. In this mode, the client uses the control connection to send a PASV command to the server and then receives a server IP address and server port number from the server,[7][6] which the client then uses to open a data connection from an arbitrary client port to the server IP address and server port number received.[5] Both modes were updated in September 1998 to support IPv6. Further changes were introduced to the passive mode at that time, updating it to extended passive mode.[8] While transferring data over the network, four data representations can be used:[2][3][4] ASCII mode: used for text. Data is converted, if needed, from the sending host's character representation to "8-bit ASCII" before transmission, and (again, if necessary)...

Words: 1173 - Pages: 5

Free Essay

Xxxxxxxxxxxxxx

...File Transfer Protocol

File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as the Internet. FTP is built on a client-server architecture and uses separate control and data connections between the client and the server. FTP users may authenticate themselves using a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. For secure transmission that hides (encrypts) the username and password, and encrypts the content, FTP is often secured with SSL/TLS ("FTPS"). SSH File Transfer Protocol ("SFTP") is sometimes also used instead. The first FTP client applications were command-line applications developed before operating systems had graphical user interfaces, and are still shipped with most Windows, Unix, and Linux operating systems. Dozens of FTP clients and automation utilities have since been developed for desktops, servers, mobile devices, and hardware, and FTP has been incorporated into hundreds of productivity applications, such as Web page editors. The original specification for the File Transfer Protocol was written by Abhay Bhushan and published as RFC 114 on 16 April 1971 and later replaced by RFC 765 (June 1980) and RFC 959 (October 1985), the current specification. Several proposed standards amend RFC 959, for example RFC 2228 (June 1997) proposes security extensions and RFC...

Words: 1088 - Pages: 5

Free Essay

Ip Spoofing

...IP Spoofing: An Introduction

Criminals have long employed the tactic of masking their true identity, from disguises to aliases to caller-id blocking. It should come as no surprise then, that criminals who conduct their nefarious activities on networks and computers should employ such techniques. IP spoofing is one of the most common forms of on-line camouflage. In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine by “spoofing” the IP address of that machine. In this article, we will examine the concepts of IP spoofing: why it is possible, how it works, what it is used for and how to defend against it.

Internet Protocol – IP

Internet protocol (IP) is a network protocol operating at layer 3 (network) of the OSI model. It is a connectionless model, meaning there is no information regarding transaction state, which is used to route packets on a network. Additionally, there is no method in place to ensure that a packet is properly delivered to the destination.

Examining the IP header, we can see that the first 12 bytes (or the top 3 rows of the header) contain various information about the packet. The next 8 bytes (the next 2 rows), however, contain the source and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses – specifically the “source address” field. It's important to note that each datagram is sent independent of all others...

Words: 1398 - Pages: 6

Free Essay

9.2 It-255

...Network nodes are not directly aware that switches handle the traffic they send and receive, making switches the silent workhorse of a network. Other than offering an administrative interface, switches do not maintain layer three IP addresses, so hosts cannot send traffic to them directly. The primary attack against a switch is the ARP poisoning attack described earlier in the “Switches” section of this chapter. However, the possibility of an ARP attack doesn’t mean switches cannot be used as security control devices. As mentioned earlier, MAC addresses are unique for every network interface card, and switches can be configured to allow only specific MAC addresses to send traffic through a specific port on the switch. This function is known as port security, and it is useful where physical access over the network port cannot be relied upon, such as in public kiosks. With port security, a malicious individual cannot unplug the kiosk, plug in a laptop, and use the switch port, because the laptop MAC will not match the kiosk’s MAC and the switch would deny the traffic. While it is possible to spoof a MAC address, locking a port to a specific MAC creates a hurdle for a would-be intruder. Switches can also be used to create virtual local area networks (VLANs). VLANs are layer two broadcast domains, and they are used to further segment LANs. As described earlier, ARP broadcasts are sent between all hosts within the same VLAN. To communicate with a host that is not in your...

Words: 399 - Pages: 2

Premium Essay

Technology

...a firewall is, what a firewall does, how it performs these tasks, why firewalls are necessary, the various firewall types, and filtering mechanisms. Once you understand these fundamentals of firewalls, you will be able to look beyond the unschooled opinions, common mythology, and marketing hype surrounding them, and the crucial benefits of effective firewall architecture will become clear. Like any tool, firewalls are useful in solving a variety of particular problems and in supporting essential network security.

Chapter 2 Topics

This chapter will cover the following topics and concepts:
• What a firewall is
• Why you need a firewall
• How firewalls work and what they do
• What the basics of TCP/IP are
• What the types of firewalls are
• What ingress and egress filtering is
• What the types of firewall filtering are
• What the difference between software and hardware firewalls is
• What dual-homed and triple-homed firewalls are
• What the best placement of a firewall is

Chapter 2 Goals

After completing this chapter, you will be able to:
• Define firewalls
• Explain the need for firewalls
• Describe types of firewalls, including network router/interface firewall, hardware appliance firewall, and host software firewall
• Explain standard filtering methods, including...

Words: 15354 - Pages: 62

Premium Essay

It Security

...a firewall is, what a firewall does, how it performs these tasks, why firewalls are necessary, the various firewall types, and filtering mechanisms. Once you understand these fundamentals of firewalls, you will be able to look beyond the unschooled opinions, common mythology, and marketing hype surrounding them, and the crucial benefits of effective firewall architecture will become clear. Like any tool, firewalls are useful in solving a variety of particular problems and in supporting essential network security.

Chapter 2 Topics

This chapter will cover the following topics and concepts:
• What a firewall is
• Why you need a firewall
• How firewalls work and what they do
• What the basics of TCP/IP are
• What the types of firewalls are
• What ingress and egress filtering is
• What the types of firewall filtering are
• What the difference between software and hardware firewalls is
• What dual-homed and triple-homed firewalls are
• What the best placement of a firewall is

Chapter 2 Goals

After completing this chapter, you will be able to:
• Define firewalls
• Explain the need for firewalls
• Describe types of firewalls, including network router/interface firewall, hardware appliance firewall, and host software firewall
• Explain standard filtering methods, including...

Words: 15354 - Pages: 62

Premium Essay

Nmap.Cookbook.the.Fat-Free.Guide.to.Network.Scanning

...Nmap® Cookbook: The Fat-free Guide to Network Scanning

Copyright © 2010 Nicholas Marsh. All rights reserved. ISBN: 1449902529 EAN-13: 9781449902520 www.NmapCookbook.com

BSD® is a registered trademark of the University of California, Berkeley
CentOS is property of CentOS Ltd.
Debian® is a registered trademark of Software in the Public Interest, Inc
Fedora® is a registered trademark of Red Hat, Inc.
FreeBSD® is a registered trademark of The FreeBSD Foundation
Gentoo® is a registered trademark of The Gentoo Foundation
Linux® is the registered trademark of Linus Torvalds
Mac OS X® is a registered trademark of Apple, Inc.
Windows® is a registered trademark of Microsoft Corporation
Nmap® is a registered trademark of Insecure.Com LLC
Red Hat® is a registered trademark of Red Hat, Inc.
Ubuntu® is a registered trademark of Canonical Ltd.
UNIX® is a registered trademark of The Open Group

All other trademarks used in this book are property of their respective owners. Use of any trademark in this book does not constitute an affiliation with or endorsement from the trademark holder. All information in this book is presented on an “as-is” basis. No warranty or guarantee is provided and the author and/or publisher shall not be held liable for any loss or damage.

Contents at a Glance

Introduction
Section 1: Installing Nmap...

Words: 25175 - Pages: 101

Premium Essay

Network Security

...defines the fundamentals of firewalls. These include what a firewall is, what a firewall does, how it performs these tasks, why firewalls are necessary, the various firewall types, and filtering mechanisms. Once you understand these fundamentals of firewalls, you will be able to look beyond the unschooled opinions, common mythology, and marketing hype surrounding them, and the crucial benefits of effective firewall architecture will become clear. Like any tool, firewalls are useful in solving a variety of problems and in supporting essential network security.

Chapter 2 Topics

This chapter covers the following topics and concepts:
• What a firewall is
• Why you need a firewall
• How firewalls work and what they do
• What the basics of TCP/IP are
• What the types of firewalls are
• What ingress and egress filtering is
• What the types of firewall filtering are
• What the difference between software and hardware firewalls is
• What dual-homed and triple-homed firewalls are
• What the best placement of a firewall is

Chapter 2 Goals

When you complete this chapter, you will be able to:
• Define firewalls
• Explain the need for firewalls
• Describe types of firewalls, including network router/interface firewall, hardware appliance firewall, and host software firewall
• Explain standard filtering methods, including static packet filtering, NAT services, application proxy filtering, circuit proxy filtering, dynamic packet filtering,...

Words: 15367 - Pages: 62

Free Essay

Wireless Network Security

...Wireless Network Security

Wireless networks in personal homes are becoming more and more popular. With the ease of using no wires and the signal being broadcast throughout the house, the new network-ready printers and the new gaming systems like PlayStation 3 and Xbox 360 all have wireless network settings. A wireless network is the most vulnerable kind of network if the time is not taken to set up its security properly. Everyone saves important personal information on their computer systems. When a wireless network's settings are not set right, the computer system is fair game for anyone who would like to look at the information stored on it. Viruses are not the only thing to protect against. Outsiders or even a neighbor can easily get into a computer’s information through a wireless network. Identity theft can even be carried out through a wireless network, if you have a lot of personal information. Credit card information and bank account information can all be stolen from the system and then used for evil. Not only are personal homes affected, but businesses can be too. WarDriving is a big fad among the computer ‘hackers.’ WarDriving came from the movie “WarGames” starring Matthew Broderick. In the movie he did what was called “wardialing”. Wardialing is to keep dialing numbers that would access a computer system’s modem until you find a modem and gain access. WarDriving is where someone can drive around in a vehicle...

Words: 3576 - Pages: 15