Ip Spoof

Submitted By nisha211
Words 14721
Pages 59
On the State of IP Spoofing Defense

TOBY EHRENKRANZ and JUN LI, University of Oregon

IP source address spoofing has plagued the Internet for many years. Attackers spoof source addresses to mount attacks and redirect blame. Researchers have proposed many mechanisms to defend against spoofing, with varying levels of success. With the defense mechanisms available today, where do we stand? How do the various defense mechanisms compare? This article first looks into the current state of IP spoofing, then thoroughly surveys the current state of IP spoofing defense. It evaluates data from the Spoofer Project, and describes and analyzes host-based defense methods, router-based defense methods, and their combinations. It further analyzes what obstacles stand in the way of deploying those modern solutions and what areas require further research.

Categories and Subject Descriptors: C.2.0 [Computer-Communication Networks]: General—Security and protection

General Terms: Performance, Security

Additional Key Words and Phrases: IP spoofing, spoofing defense, spoofing packet, packet filtering

ACM Reference Format: Ehrenkranz, T. and Li, J. 2009. On the state of IP spoofing defense. ACM Trans. Internet Technol. 9, 2, Article 6 (May 2009), 29 pages. DOI = 10.1145/1516539.1516541 http://doi.acm.org/10.1145/1516539.1516541

1. INTRODUCTION

In today’s Internet, attackers can forge the source address of IP packets to both maintain their anonymity and redirect the blame for attacks. When attackers inject packets with spoofed source addresses into the Internet, routers forward those packets to their destination just like any other packet—often without checking the validity of the packets’ source addresses. These spoofing packets¹ consume network bandwidth en route to their destinations, and are often part of some malicious activity, such as a DDoS attack. Unfortunately, routers on
1…...

Similar Documents

Ip Telephony

...Hosted IP Telephony Services

Service Offering

Nexogy offers a range of market solutions to our clients, serving markets from residential customers to sophisticated business customers with reliable full-featured VoIP applications. Our Hosted IP Telephony Services primarily consist of: IP Centrex/ IP PBX Hosted Business Business Trunking Enhanced Residential

IP Centrex / IP PBX
• Bring the power of a corporate PBX to enterprise customers who will no longer have to invest in PBX equipment or its maintenance
• Works with analog phones as well as with IP Phones
• Offer traditional PBX functionality plus a wide range of value added services not economically feasible with traditional solutions
• Centralize communications services (National and International Long Distance, Local Calling, Local Phone Service, Hosted PBX) on a single bill

IP Centrex Features

976/900 Block Abbreviated 2-digit dialing Anonymous Call Rejection Billing Codes Call Forward All Calls Call Forward Busy Call Forward No Answer Call Return Call Trace Call Waiting Call Waiting/ID Manager Caller ID Caller ID Block Classes of Service Direct Inward Dial (DID) Do Not Disturb Flexible Auto-Attendant Flexible Numbering Plan Forward to Voice Mail Group Pickup Hold Hold Music Hunt Groups Multi-call Park N-way Conference Off-Premises Stations Park & Park Pickup Permanent Per Call Block Priority Call Queues Redial Remote Call Forward to DID Selective Call Forward Selective Call Rejection Speed Dial...

Words: 1276 - Pages: 6

Ip Spoofing

... recipient.

Denial of Service Attack

IP spoofing is almost always used in what is currently one of the most difficult attacks to defend against – denial of service attacks, or DoS. Since crackers are concerned only with consuming bandwidth and resources, they need not worry about properly completing handshakes and transactions. Rather, they wish to flood the victim with as many packets as possible in a short amount of time. In order to prolong the effectiveness of the attack, they spoof source IP addresses to make tracing and stopping the DoS as difficult as possible. When multiple compromised hosts are participating in the attack, all sending spoofed traffic, it is very challenging to quickly block traffic.

Misconceptions of IP Spoofing

While some of the attacks described above are a bit outdated, such as session hijacking for host-based authentication services, IP spoofing is still prevalent in network scanning and probes, as well as denial of service floods. However, the technique does not allow for anonymous Internet access, which is a common misconception for those unfamiliar with the practice. Any sort of spoofing beyond simple floods is relatively advanced and used in very specific instances such as evasion and connection hijacking.

Defending Against Spoofing

There are a few precautions that can be taken to limit IP spoofing risks on your network, such as:

Filtering at the Router - Implementing ingress and egress filtering on your border routers is a great place to start......

Words: 1398 - Pages: 6

Ip Addressing

...IP ADDRESSING: An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing. Its role has been characterized as follows: "A name indicates what we seek. An address indicates where it is. A route indicates how to get there." The designers of the Internet Protocol defined an IP address as a 32-bit number and this system, known as Internet Protocol Version 4 (IPv4), is still in use today. However, due to the enormous growth of the Internet and the predicted depletion of available addresses, a new addressing system (IPv6), using 128 bits for the address, was developed in 1995, standardized as RFC 2460 in 1998, and its deployment has been ongoing since the mid-2000s. In the most widely installed level of the Internet Protocol (IP) today, an IP address is a 32-bit number that identifies each sender or receiver of information that is sent in packets across the Internet. When you request an HTML page or send e-mail, the Internet Protocol part of TCP/IP includes your IP address in the message (actually, in each of the packets if more than one is required) and sends it to the IP address that is obtained by looking up the domain name in the Uniform Resource Locator you requested or in the e-mail address you're sending a note to. At the...

Words: 1361 - Pages: 6

Ip Spoofing

...IP Spoofing by Farha Ali, Lander University

The Internet Protocol, or IP, is the main protocol used to route information across the Internet. The role of IP is to provide best-effort services for the delivery of information to its destination. IP depends on upper-level TCP/IP suite layers to provide accountability and reliability. The heart of IP is the IP datagram, a packet sent over the Internet in a connectionless manner. An IP datagram carries enough information about the network to get forwarded to its destination; it consists of a header followed by bytes of data. The header contains information about the type of IP datagram, how long the datagram should stay on the network (or how many hops it should be forwarded to), special flags indicating any special purpose the datagram is supposed to serve, the destination and source addresses, and several other fields, as shown in Figure 1.

Figure 1: The IP Header

Layers above IP use the source address in an incoming packet to identify the sender. To communicate with the sender, the receiving station sends a reply by using the source address in the datagram. Because IP makes no effort to validate whether the source address in the packet generated by a node is actually the source address of the node, you can spoof the source address and the receiver will think the packet is coming from that spoofed address. Many programs for preparing spoofed IP datagrams are available for free on the Internet; for example, hping...

Words: 3368 - Pages: 14

Ip Address

... Internet Protocol for communication. Source: Wikipedia
a. How do you know your computer’s IP address?
* command prompt then ipconfig
* if you have a virtual network computing (vnc) icon, you can hover on it to see your IP address
b. How do you know you are behind a firewall?
* if you cannot access sites like facebook and twitter in a certain location like the office but you can view the following sites at home
c. Demonstrate
3. What is an IP header?
* The IP header is the outermost portion of the packet and contains the source and destination IP addresses -- numeric codes that uniquely identify each computer on a network -- and other useful information about the packet. The protocol header describes the type of protocol used to transmit the packet and the content is the payload portion of the packet, containing the actual data transmitted.
a. How do you locate a header in a public email server like yahoo?
* Yahoo
* Log in to your Yahoo mail account.
* Select the message you want to view headers for.
* Click the Actions dropdown and select View Full Header.
b. In outlook?
* Click reply or forward email
* Header is part of the original email received
c. Discuss the value of knowing how your message gets relayed.
* Email headers provide information about the origin and path that the email took from the sender to the recipient. Many hackers "spoof" email addresses to look like they are coming from someone...

Words: 957 - Pages: 4

Tcp/Ip

...TCP/IP - Socket Programming
Jim Binkley

sockets - overview
- sockets
- simple client - server model
  - look at tcpclient/tcpserver.c
  - look at udpclient/udpserver.c
  - tcp/udp contrasts
- “normal” master/slave setup for TCP
- inetd on UNIX - mother server
- some details - there are more...

sockets in BSD world
- since early 80’s, 4.2 BSD
- client/server model
- “like” unix file i/o up to a point, can be redirected to stdin/stdout/stderr (on unix)
- sockets are dominant tcp/ip application API
  - other API is System V TLI (OSI-based)
  - winsock - windows variations on sockets
    - sockets in windows event-driven framework

sockets
- basic definition - “endpoint of communication”
- allows connected streams (TCP) or discrete messages (UDP) between processes on same machine, cross network
- in o.s., really read/write data queues + TCP has connection Queue (server side)
- talk to “socket” with handle/sock descriptor

kinds of sockets
- acc. to address family; i.e. how does addressing work
- IP address family -> IP addr, tcp/udp port
- traditional BSD families
  - TCP/IP (AF_INET; i.e., Internet)
    - TCP/UDP/”raw” (talk to IP)
  - UNIX (intra-machine, pipes)
  - XNS, and even APPLETALK, DECNET, IPX ...

sockets
[Figure: client and server handles (read, write), socket layer, r/w queues, tcp stack]

syscalls - TCP client/simple test server
int s...

Words: 1236 - Pages: 5

Mobile Ip

...Associate Program Material CheckPoint Assignment Mobile IP is emerging as the next industry standard for how wireless devices move from one network to another. This CheckPoint provides an opportunity for you to explore the possibilities of this new technology. Resources: Ch. 9 & 11 of CWNA Certified Wireless Network Administrator Official Study Guide Answer the following questions about the potential of mobile office networking and Mobile IP: • What are the advantages and disadvantages of Mobile IP? • What are the typical installations of Mobile IP? • Do you think Mobile IP will increase in popularity? Why or why not? Support your position with either textual evidence or research from the University Library. Format citations and references consistent with APA guidelines. CheckPoint The advantages of mobile IP protocol are numerous. First of all, unique IP assigned to a specific node allows for faster and more reliable routing. Second, high level of portability is reached as it allows users to go through different networks maintaining same IP address. Lastly, it allows users to cross over between networks without losing connectivity and session. I could not locate anything specific about disadvantages of mobile IP in the textbook or on the Internet, but I did find a few problematic issues with it. First, the mobile IP requires a very strong signal to work properly. If...

Words: 454 - Pages: 2

Ip Addressing

...Unit 1 Exercise 1 IP Addressing Scenario

When designing, the data closet should be located in a non-centralized location but still have easy access for services and upgrades or repairs. I would consider using a Class B network setup which would easily allow 145 users, computers or equipment to connect but still provide additional addresses and networks as the company expands within the next two years. As for IP addresses, I would consider static IP addresses for all local computers and equipment within the company such as printers, routers, user computers etc. This will be easier to use and less expensive. With over 16,000 networks and 65,000 host addresses available there will be plenty of room for the company to grow. I would also consider having a wireless network using dynamic IP addresses, leasing addresses to the users’ devices to allow users to connect their wireless devices to the network. All the systems we use today can work well with DHCP so it shouldn’t be a problem. Also you should consider having multiple domain and DHCP servers to provide load balancing, efficiency and safety in case of server failure. DHCP should be used whenever possible. DHCP is easier because there is usually not a need to manually assign and track IP addresses across a number of devices where a specific IP is not necessary, and use reservations for the static devices like Printers and A/P's. And use static addresses for Servers. For example when recovering from a full power outage DHCP WILL......

Words: 308 - Pages: 2

Ip Subnetting

...IP networking 12/17/2013 IP Addresses Classes and specific-Use IP Address Space An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication.[1] An IP address serves two principal functions: host or network interface identification and location addressing. Its role has been characterized as follows: "A name indicates what we seek. An address indicates where it is. A route indicates how to get there."[2] The designers of the Internet Protocol defined an IP address as a 32-bit number[1] and this system, known as Internet Protocol Version 4 (IPv4), is still in use today. However, due to the enormous growth of the Internet and the predicted depletion of available addresses, a new version of IP (IPv6), using 128 bits for the address, was developed in 1995.[3] IPv6 was standardized as RFC 2460 in 1998,[4] and its deployment has been ongoing since the mid-2000s. IP addresses are binary numbers, but they are usually stored in text files and displayed in human-readable notations, such as 172.16.254.1 (for IPv4), and 2001:db8:0:1234:0:567:8:1 (for IPv6). The Internet Assigned Numbers Authority (IANA) manages the IP address space allocations globally and delegates five regional Internet registries (RIRs) to allocate IP address blocks to local Internet registries (Internet service providers) and other entities. In IPv4 an address consists...

Words: 841 - Pages: 4

Ip Networking

...Chapter 14

Answer the following review questions. For some questions, more than one choice may be correct.

1. Which of the following routing protocols are considered to use distance vector logic?
a. RIP
b. IGRP
c. EIGRP
d. OSPF

2. Which of the following routing protocols are considered to use link-state logic?
a. RIP
b. RIP-2
c. IGRP
d. EIGRP
e. OSPF
f. Integrated IS-IS

3. Which of the following routing protocols support VLSM?
a. RIP
b. RIP-2
c. IGRP
d. EIGRP
e. OSPF
f. Integrated IS-IS

4. Which of the following routing protocols are considered to be capable of converging quickly?
a. RIP
b. RIP-2
c. IGRP
d. EIGRP
e. OSPF
f. Integrated IS-IS

5. Router1 has interfaces with addresses 9.1.1.1 and 10.1.1.1. Router2, connected to Router1 over a serial link, has interfaces with addresses 10.1.1.2 and 11.1.1.2. Which of the following commands would be part of a complete RIP Version 2 configuration on Router2, with which Router2 advertises out all interfaces, and about all routes?
a. router rip
b. router rip 3
c. network 9.0.0.0
d. version 2
e. network 10.0.0.0
f. network 10.1.1.1
g. network 10.1.1.2
h. network 11.0.0.0
i. network 11.1.1.2

6. Which of the following network commands, following a router rip command, would cause RIP to send updates out two interfaces whose IP addresses are 10.1.2.1 and 10.1.1.1, mask 255.255.255.0?
a. network 10.0.0.0
b. network 10.1.1.0 10.1.2.0
c. network 10.1.1.1 10.1.2.1
d. network 10.1.0.0...

Words: 1957 - Pages: 8

Ip Adressing

...1. Research the following organizations and explain their involvement with the Internet public IP addresses
a. American Registry for Internet Numbers (ARIN): a nonprofit corporation responsible for managing internet number resources for many Caribbean and North Atlantic islands, Canada, and the US
b. Internet Assigned Numbers Authority (IANA): department responsible for coordinating, allocating and maintaining unique codes and numbering systems that are used in the technical standards that drive the Internet
c. Asia-Pacific Network Information Center (APNIC): manages the assignment of Internet number resources within the Asian continent, serves as the database within the Asian continent, storing regional domain names and IP addresses and accepting queries
2. Approximately how many IPv4 addresses are possible? approximately 4.3 billion
3. Approximately how many IPv6 addresses are possible? approximately 3.4028 x 10^38
4. Why do you think the world is running out of IPv4 addresses? many computers and cellphones, tablets all connected to an IP address
5. How long do you think it will take before the IPv4 addresses are completely exhausted? I believe that we are out already
6. Since IPv6 is the long-term solution for this issue, why do you think we are still using and assigning IPv4 addresses on the Internet? They are being given to network operators who use them for essential connectivity with next generation IPv6 addresses.
7. Do you think the possibility...

Words: 374 - Pages: 2

Ip Configuration

...For the network configuration, we decided to go with a partial mesh configuration to save on cost and time. With the amount of staff members and estimate growth on an annual basis. For IP address that’s needed to allow enough for employees and guest for the business the sufficient. IP address 10.0.0.0.0 with 255.255.255.255 subnet with 256 usable IP address with a /25 allow guest to use the network. The configuration of the wireless network would allow the management workgroup to connect wireless on the third floor were the upper management staff. Basement level to the second/first floor will run unshielded paired Ethernet cabling only to the telemarketers, which is about 85 feet. 15 ft for the security desk and 20 feet to training room. Sales agents will run off the wireless with workgroup allowing minimal access to display product to customers with restricted access to the outside internet with the configurations to allow monitor and packet captures as well as the management group. Wireless system will support IEEE 802.11g, IEEE 802.11b, IEEE 802.11a. Cisco wireless access point will be mounted on the ceiling with a hexagon formation to allow maximum coverage within the infrastructure. Basic information relating to the communication of the wireless network in figure 1.1 and the layout of the Cisco wireless access points figure 1.2. Each workstation not part of the training or security will be equipped with 150Mbps 2.4GHz Wireless PCI LAN Adapter Card......

Words: 321 - Pages: 2

Ip Spoofing

...12/7/2014 IP Spoofing - Cisco Systems

The Internet Protocol Journal, Volume 10, Number 4, December 2007

IP Spoofing

Layers above IP use the source address in an incoming packet to identify the sender. To communicate with the sender, the receiving station sends a reply by using the source address in the datagram. Because IP makes no effort to validate whether the source address in the packet generated by a node is actually the source address of the node, you can spoof the source address and the receiver will think the packet is coming from that spoofed address. Many programs for preparing spoofed IP datagrams are available for free on the Internet; for example, hping lets you prepare spoofed IP datagrams with just a one-line command, and you can send them to almost anybody in the world. You can spoof at various network layers; for example, you can use Address Resolution Protocol (ARP) spoofing to divert the traffic intended for one station to someone else. The Simple Mail Transfer Protocol (SMTP) is also a target for spoofing; because SMTP does not verify the sender's address, you can send any e-mail to anybody pretending to be someone else. This article focuses on the various types of attacks that involve IP spoofing on...

Words: 3181 - Pages: 13

Tcp/Ip

...TCP/IP

This week’s paper will provide an overview into the world of the Transmission Control Protocol (TCP) and Internet Protocol (IP), and how they are used together in business and telecommunications. First, the current TCP/IP offerings, as they apply to the OSI model, will be discussed. Second, the future of TCP/IP will be discussed with relevant research support as well as recommendations for new software and equipment. Finally, an overview of different methods for reducing network congestion through the use of equipment, software and multiplexing will be given.

Current Offerings of TCP/IP

In business, the OSI and TCP/IP have been the standard method of network classification for many years. The Open Systems Interconnect Model (OSI) can be thought of as an idea or guideline, while TCP/IP more closely relates to reality. Both models do mostly the same thing, but TCP/IP is a more efficient method, and usually matches up directly with the network. Because OSI is more of an idea, it is not utilized as much as TCP/IP. With the creation of smart switches and other advanced network equipment and functions, more layers can be combined and a more streamlined process can be gained. Because of this, TCP/IP is the most used model in modern networks, while OSI is used for describing network activity.

Improving TCP/IP

As TCP/IP ages and new technology comes about, there is a need to upgrade software and hardware to keep up with the demands of modern networking. Below we...

Words: 1158 - Pages: 5