Ip Spoofing

In: Computers and Technology

Submitted By surbhigupta
Words 1398
Pages 6
IP Spoofing: An Introduction
Criminals have long employed the tactic of masking their true identity, from disguises to aliases to caller-ID blocking. It should come as no surprise, then, that criminals who conduct their nefarious activities on networks and computers employ such techniques. IP spoofing is one of the most common forms of online camouflage. In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine by “spoofing” the IP address of that machine. In this article, we will examine the concepts of IP spoofing: why it is possible, how it works, what it is used for and how to defend against it.

Internet Protocol – IP

Internet Protocol (IP) is a network protocol operating at layer 3 (network) of the OSI model, and it is used to route packets on a network. It is a connectionless model, meaning there is no information regarding transaction state. Additionally, there is no method in place to ensure that a packet is properly delivered to the destination.

Examining the IP header, we can see that the first 12 bytes (or the top 3 rows of the header) contain various information about the packet. The next 8 bytes (the next 2 rows), however, contain the source and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses – specifically the “source address” field. It's important to note that each datagram is sent independently of all others due to the stateless nature of IP. Keep this fact in mind as we examine TCP in the next section.

Transmission Control Protocol – TCP

IP can be thought of as a routing wrapper for layer 4 (transport), which contains the Transmission Control Protocol (TCP). Unlike IP, TCP uses a connection-oriented design. This means that the participants in a TCP session must first build a connection - via the…
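The header layout described in the Internet Protocol section can be checked from the receiving side. The following Python sketch is an added example, not code from the original essay: it splits a header into the first 12 bytes and the 8 address bytes, verifies the header checksum, and applies a simple ingress rule. The sample header is constructed, and the function names and the rule that RFC 1918 sources are dropped on an Internet-facing interface are assumptions made for illustration.

```python
import ipaddress
import struct

# Constructed sample (not captured traffic): a 20-byte IPv4 header carrying
# UDP, TTL 64, source 192.168.0.1, destination 192.168.0.199.
SAMPLE_HEADER = bytes.fromhex("45000073000040004011b861c0a80001c0a800c7")

# RFC 1918 private ranges. Assumption for this example: a packet arriving on
# an Internet-facing interface must never carry one of these as its source.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_ipv4_header(raw: bytes) -> dict:
    """Split an IPv4 header into the fields the text describes."""
    if len(raw) < 20:
        raise ValueError("IPv4 header needs at least 20 bytes")
    # Bytes 0-11: the "first 12 bytes" (top three 32-bit rows of the header).
    (ver_ihl, _tos, total_len, _ident, _flags_frag,
     ttl, proto, checksum) = struct.unpack("!BBHHHBBH", raw[:12])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < 20 or len(raw) < header_len:
        raise ValueError("bad or truncated header length")
    # Bytes 12-19: the "next 8 bytes", source then destination address.
    return {
        "header_len": header_len,
        "total_len": total_len,
        "ttl": ttl,
        "protocol": proto,
        "checksum": checksum,
        "src": ipaddress.IPv4Address(raw[12:16]),
        "dst": ipaddress.IPv4Address(raw[16:20]),
    }


def header_checksum_ok(raw: bytes) -> bool:
    """One's-complement sum over the whole header must fold to 0xFFFF.

    The checksum only detects corruption in transit. The sender computes it
    over whatever source address it wrote, so it proves nothing about who
    actually sent the datagram.
    """
    header_len = (raw[0] & 0x0F) * 4
    total = sum(struct.unpack(f"!{header_len // 2}H", raw[:header_len]))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def ingress_verdict(raw: bytes) -> str:
    """Decision for a datagram arriving on an Internet-facing interface."""
    hdr = parse_ipv4_header(raw)
    if not header_checksum_ok(raw):
        return "drop: bad header checksum"
    if any(hdr["src"] in net for net in PRIVATE_NETS):
        return "drop: private source on external interface"
    return "accept"


if __name__ == "__main__":
    print(parse_ipv4_header(SAMPLE_HEADER))
    print(ingress_verdict(SAMPLE_HEADER))
```

A header that passes the checksum is only known to be undamaged; the source-range rule is what rejects an address that cannot legitimately appear on that interface.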

Similar Documents

Ip Addressing

... now referred to as "/24s" since they have a 24-bit network-prefix. A maximum of 2,097,152 (2^21) /24 networks can be defined with up to 254 (2^8 - 2) hosts per network. Since the entire /24 address block contains 2^29 (536,870,912) addresses, it represents 12.5% (or 1/8th) of the total IPv4 unicast address space.

Class D

Class D addresses have their leading four-bits set to 1-1-1-0 and are used to support IP Multicasting (IP Address, 2010).

RFC 1918 IP address ranges

There are 3 IP ranges that are not routed across the Internet and can only be used on local networks. These are RFC 1918 IP addresses. You will sometimes see these used on ISP networks, where the devices can only be accessed from within the ISP's network, not from the rest of the Internet. There are 3 IP ranges defined in RFC 1918: 10.0.0.0/8 (10.0.0.0-10.255.255.255), 172.16.0.0/12 (172.16.0.0-172.31.255.255), 192.168.0.0/16 (192.168.0.0-192.168.255.255) (havoc, 2012).

Sampling of Martian/Bogon address ranges

A bogon list is a compilation of address ranges that are used on private networks and should not be visible on the public Internet under normal operation. Some bogons do appear on the public Internet for various reasons, including the (legitimate) use of non-globally unique addresses for router interfaces, source address spoofing in DDoS attacks and the use of unallocated address blocks for malicious or fraudulent purposes (Hyan, 2004).

Martians

A Martian packet is a packet that is reserved for special......

Words: 598 - Pages: 3

Ip Spoffing

...IP Spoofing by Farha Ali, Lander University

The Internet Protocol, or IP, is the main protocol used to route information across the Internet. The role of IP is to provide best-effort services for the delivery of information to its destination. IP depends on upper-level TCP/IP suite layers to provide accountability and reliability. The heart of IP is the IP datagram, a packet sent over the Internet in a connectionless manner. An IP datagram carries enough information about the network to get forwarded to its destination; it consists of a header followed by bytes of data. The header contains information about the type of IP datagram, how long the datagram should stay on the network (or how many hops it should be forwarded to), special flags indicating any special purpose the datagram is supposed to serve, the destination and source addresses, and several other fields, as shown in Figure 1.

Figure 1: The IP Header

Layers above IP use the source address in an incoming packet to identify the sender. To communicate with the sender, the receiving station sends a reply by using the source address in the datagram. Because IP makes no effort to validate whether the source address in the packet generated by a node is actually the source address of the node, you can spoof the source address and the receiver will think the packet is coming from that spoofed address. Many programs for preparing spoofed IP datagrams are available for free on the Internet; for example, hping...

Words: 3368 - Pages: 14

Ip Spoof

...On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 6 IP source address spoofing has plagued the Internet for many years. Attackers spoof source addresses to mount attacks and redirect blame. Researchers have proposed many mechanisms to defend against spoofing, with varying levels of success. With the defense mechanisms available today, where do we stand? How do the various defense mechanisms compare? This article first looks into the current state of IP spoofing, then thoroughly surveys the current state of IP spoofing defense. It evaluates data from the Spoofer Project, and describes and analyzes host-based defense methods, router-based defense methods, and their combinations. It further analyzes what obstacles stand in the way of deploying those modern solutions and what areas require further research. Categories and Subject Descriptors: C.2.0 [Computer-Communication Networks]: General— Security and protection General Terms: Performance, Security Additional Key Words and Phrases: IP spoofing, spoofing defense, spoofing packet, packet filtering ACM Reference Format: Ehrenkranz, T. and Li, J. 2009. On the state of IP spoofing defense. ACM Trans. Internet Technol. 9, 2, Article 6 (May 2009), 29 pages. DOI = 10.1145/1516539.1516541 http://doi.acm.org/10.1145/1516539.1516541 1. INTRODUCTION In today’s Internet, attackers can forge the source address of IP packets to both maintain their anonymity and redirect the blame for attacks. When attackers...

Words: 14721 - Pages: 59

Tcp/Ip

...TCP/IP - Socket Programming, Jim Binkley

sockets - overview: sockets; simple client - server model (look at tcpclient/tcpserver.c; look at udpclient/udpserver.c; tcp/udp contrasts); “normal” master/slave setup for TCP; inetd on UNIX - mother server; some details - there are more...

sockets: in BSD world since early 80’s, 4.2 BSD; client/server model; “like” unix file i/o up to a point, can be redirected to stdin/stdout/stderr (on unix); sockets are dominant tcp/ip application API (other API is System V TLI (OSI-based); winsock - windows variations on sockets; sockets in windows event-driven framework)

sockets: basic definition - “endpoint of communication”; allows connected streams (TCP) or discrete messages (UDP) between processes on same machine, cross network; in o.s., really read/write data queues + TCP has connection Queue (server side); talk to “socket” with handle/sock descriptor

kinds of sockets: acc. to address family, i.e. how does addressing work; IP address family -> IP addr, tcp/udp port; traditional BSD families: TCP/IP (AF_INET; i.e., Internet), TCP/UDP/”raw” (talk to IP); UNIX (intra-machine, pipes); XNS, and even APPLETALK, DECNET, IPX ...

sockets: client, handle, read/write; server, read/write; socket layer; r/w queues; tcp stack

syscalls - TCP client/simple test server: int s...

Words: 1236 - Pages: 5

Mobile Ip

...Associate Program Material CheckPoint Assignment Mobile IP is emerging as the next industry standard for how wireless devices move from one network to another. This CheckPoint provides an opportunity for you to explore the possibilities of this new technology. Resources: Ch. 9 & 11 of CWNA Certified Wireless Network Administrator Official Study Guide Answer the following questions about the potential of mobile office networking and Mobile IP: • What are the advantages and disadvantages of Mobile IP? • What are the typical installations of Mobile IP? • Do you think Mobile IP will increase in popularity? Why or why not? Support your position with either textual evidence or research from the University Library. Format citations and references consistent with APA guidelines. CheckPoint The advantages of mobile IP protocol are numerous. First of all, unique IP assigned to a specific node allows for faster and more reliable routing. Second, high level of portability is reached as it allows users to go through different networks maintaining same IP address. Lastly, it allows users to cross over between networks without losing connectivity and session. I could not locate anything specific about disadvantages of mobile IP in the textbook or on the Internet, but I did find a few problematic issues with it. First, the mobile IP requires a very strong signal to work properly. If...

Words: 454 - Pages: 2

Ip Addressing

...Unit 1 Exercise 1 IP Addressing Scenario

When designing, the data closet should be located in a non-centralized location but still have easy access for services and upgrades or repairs. I would consider using a class B network setup, which would easily allow 145 users, computers or equipment to connect but still provide additional addresses and networks as the company expands within the next two years. As for IP addresses, I would consider static IP addresses for all local computers and equipment within the company such as printers, routers, user computers etc. This will be easier to use and less expensive. With over 16,000 networks and 65,000 host addresses available there will be plenty of room for the company to grow. I would also consider having a wireless network using dynamic IP addresses, leasing addresses to the users’ devices to allow users to connect their wireless devices to the network. All the systems we use today can work well with DHCP so it shouldn’t be a problem. Also you should consider having multiple domain and DHCP servers to provide load balancing, efficiency and safety in case of server failure. DHCP should be used whenever possible. DHCP is easier because there is usually not a need to manually assign and track IP addresses across a number of devices where a specific IP is not necessary, and use reservations for the static devices like printers and A/Ps. And use static addresses for servers. For example when recovering from a full power outage DHCP WILL......

Words: 308 - Pages: 2

Ip Subnetting

...IP networking 12/17/2013 IP Addresses Classes and specific-Use IP Address Space An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication.[1] An IP address serves two principal functions: host or network interface identification and location addressing. Its role has been characterized as follows: "A name indicates what we seek. An address indicates where it is. A route indicates how to get there."[2] The designers of the Internet Protocol defined an IP address as a 32-bit number[1] and this system, known as Internet Protocol Version 4 (IPv4), is still in use today. However, due to the enormous growth of the Internet and the predicted depletion of available addresses, a new version of IP (IPv6), using 128 bits for the address, was developed in 1995.[3] IPv6 was standardized as RFC 2460 in 1998,[4] and its deployment has been ongoing since the mid-2000s. IP addresses are binary numbers, but they are usually stored in text files and displayed in human-readable notations, such as 172.16.254.1 (for IPv4), and 2001:db8:0:1234:0:567:8:1 (for IPv6). The Internet Assigned Numbers Authority (IANA) manages the IP address space allocations globally and delegates five regional Internet registries (RIRs) to allocate IP address blocks to local Internet registries (Internet service providers) and other entities. In IPv4 an address consists...

Words: 841 - Pages: 4

Ip Networking

...Chapter 14 Answer the following review questions. For some questions, more than one choice may be correct. 1. Which of the following routing protocols are considered to use distance vector logic? a. RIP b. IGRP c. EIGRP d. OSPF 2. Which of the following routing protocols are considered to use link-state logic? a. RIP b. RIP-2 c. IGRP d. EIGRP e. OSPF f. Integrated IS-IS 3. Which of the following routing protocols support VLSM? a. RIP b. RIP-2 c. IGRP d. EIGRP e. OSPF f. Integrated IS-IS 4. Which of the following routing protocols are considered to be capable of converging quickly? a. RIP b. RIP-2 c. IGRP d. EIGRP e. OSPF f. Integrated IS-IS 5. Router1 has interfaces with addresses 9.1.1.1 and 10.1.1.1. Router2, connected to Router1 over a serial link, has interfaces with addresses 10.1.1.2 and 11.1.1.2. Which of the following commands would be part of a complete RIP Version 2 configuration on Router2, with which Router2 advertises out all interfaces, and about all routes? a. router rip b. router rip 3 c. network 9.0.0.0 d. version 2 e. network 10.0.0.0 f. network 10.1.1.1 g. network 10.1.1.2 h. network 11.0.0.0 i. network 11.1.1.2 6. Which of the following network commands, following a router rip command, would cause RIP to send updates out two interfaces whose IP addresses are 10.1.2.1 and 10.1.1.1, mask 255.255.255.0? a. network 10.0.0.0 b. network 10.1.1.0 10.1.2.0 c. network 10.1.1.1 10.1.2.1 d. network 10.1.0.0...

Words: 1957 - Pages: 8

Ip Adressing

...1. Research the following organizations and explain their involvement with the Internet public IP addresses
a. American Registry for Internet Numbers (ARIN): a nonprofit corporation responsible for managing internet number resources for many Caribbean and North Atlantic islands, Canada, and the US
b. Internet Assigned Numbers Authority (IANA): department responsible for coordinating, allocating and maintaining unique codes and numbering systems that are used in the technical standards that drive the Internet
c. Asia-Pacific Network Information Center (APNIC): manages the assignment of Internet number resources within the Asian continent, serves as the database within the Asian continent, storing regional domain names and IP addresses and accepting queries
2. Approximately how many IPv4 addresses are possible? approximately 4.3 billion
3. Approximately how many IPv6 addresses are possible? approximately 3.4028 x 10^38
4. Why do you think the world is running out of IPv4 addresses? many computers and cellphones, tablets all connected to an IP address
5. How long do you think it will take before the IPv4 addresses are completely exhausted? I believe that we are out already
6. Since IPv6 is the long-term solution for this issue, why do you think we are still using and assigning IPv4 addresses on the Internet? They are being given to network operators who use them for essential connectivity with next generation IPv6 addresses.
7. Do you think the possibility...

Words: 374 - Pages: 2

Ip Configuration

...For the network configuration, we decided to go with a partial mesh configuration to save on cost and time. With the amount of staff members and estimate growth on a annual basis. For Ip address that’s needed to allow enough for employees and guest for the business the sufficient. ip address 10.0.0.0.0 with 255.255.255.255 subnet with 256 usable ip address with a /25 allow guest to use the network . The configuration of the wireless network would allow the management workgroup to connect wireless on the third floor were the upper management staff. Basement level to the second/ first floor with run unshielded paired Ethernet cabling only to the telemarketers, which is about 85 feet. 15 ft for the security desk and 20 feet to training room. Sales agents will run off the wireless with workgroup allowing minimal access to display product to customers with restricted access to the outside internet with the configurations to allow monitor and packet captures as well as the management group .wireless system will support IEEE 802.11g ,IEEE 802.11b, IEEE 802.11a. Cisco wireless access point will be mounted on the ceiling with a hexagon formation to allow maximum coverage within the infrastructure. Basic information relating to the communication of the wireless network in figure 1.1 and the layout of the cisco wireless access points figure 1.2. each workstation not part of the training or security will be equipped with 150Mbps 2.4GHz Wireless PCI LAN Adapter Card......

Words: 321 - Pages: 2

Ip Spoofing

...IP Spoofing - Cisco Systems. The Internet Protocol Journal, Volume 10, Number 4, December 2007.

Layers above IP use the source address in an incoming packet to identify the sender. To communicate with the sender, the receiving station sends a reply by using the source address in the datagram. Because IP makes no effort to validate whether the source address in the packet generated by a node is actually the source address of the node, you can spoof the source address and the receiver will think the packet is coming from that spoofed address. Many programs for preparing spoofed IP datagrams are available for free on the Internet; for example, hping lets you prepare spoofed IP datagrams with just a one-line command, and you can send them to almost anybody in the world. You can spoof at various network layers; for example, you can use Address Resolution Protocol (ARP) spoofing to divert the traffic intended for one station to someone else. The Simple Mail Transfer Protocol (SMTP) is also a target for spoofing; because SMTP does not verify the sender's address, you can send any e-mail to anybody pretending to be someone else. This article focuses on the various types of attacks that involve IP spoofing on...

Words: 3181 - Pages: 13

Email Tracing and Spoofing

... provided in an email. 3) Incorrect grammar/spelling A common practice of many hackers is to use misspelled words on purpose. While it may seem that this would easily reveal an illegitimate email, it is actually a tactic used to find less savvy users. Spammers have learned that if they get a response from a poorly written email, they are on to an easy target and will focus their efforts to bring that user down. 4) Plain text/Absence of logos Most legitimate messages will be written with HTML and will be a mix of text and images. A poorly constructed phishing email may show an absence of images, including the lack of the company’s logo. If the email is all plain text and looks different than what you’re used to seeing from that sender, it is best to go with your gut feeling and ignore the message. 5) Message body is an image This is a common practice of many spammers. Make sure the email is a good mix of text and images. Also, there may be embedded links for you to hover over within the image for an extra step of precaution. 6) IP Reputation If you can easily identify the sending IP of that email, you can look up the IP’s reputation through Return Path’s Sender Score site. This tool will reveal a score (0-100) and will be able to give you some insight into the sending IPs historical performance. The lower the score, the more likely the email is a phishing or spoofing attempt. 7) Request for personal information One tactic that is commonly used by......

Words: 3362 - Pages: 14

Dns Spoofing and Arp Poisoning

.../htdocs to be able to execute by applying command “chmod 777 *.*” to edit etter.dns file at /etc/ettercap and to change : facebook.com A 192.168.1.110 *.facebook.com A 192.168.1.110 www.facebook.com PTR 192.168.1.110 to run Apache server with XAMPP, then….. to test it with localhost in browser to test it from other computer, then….. to run : echo 1 > /proc/sys/net/ipv4/ip_forward Sniff >>> Unified Sniffing to run Ettercap for DNS Spoofing and ARP Poisoning Host >>> Scan for Hosts Hosts >>> Hosts List 192.168.1.1 >>> Add to Target 1 Plugins >>> Manage the plugins double-clicks dns_spoof Mitm >>> ARP poisoning Check >>> Sniff remote connection Start >>> Start sniffing to harvest username and password fromspoofed and poisoned www.facebook.com stored in logs.txt to save ibank.klikbca.com as index.html file, then….. copy it to /opt/lampp/htdocs to find /authentication.do then replace it with post.php to take a note: value(user_id) and value(pswd) to save failed authentication page at ibank.klikbca.com as login.html file, then….. copy it to /opt/lampp/htdocs to make a post.php file to remember to put: value(user_id) and value(pswd) and to make a blank logs.txt file to make sure all files stored in /opt/lampp/htdocs, then….. run chmod 777 *.* so all files can be read-write-execute to run Apache server and make sure everything runs well by checking it through localhost Sniff >>>......

Words: 559 - Pages: 3

Ip Addressing

...IP ADDRESSING: An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing. Its role has been characterized as follows: "A name indicates what we seek. An address indicates where it is. A route indicates how to get there." The designers of the Internet Protocol defined an IP address as a 32-bit number and this system, known as Internet Protocol Version 4 (IPv4), is still in use today. However, due to the enormous growth of the Internet and the predicted depletion of available addresses, a new addressing system (IPv6), using 128 bits for the address, was developed in 1995, standardized as RFC 2460 in 1998, and its deployment has been ongoing since the mid-2000s. In the most widely installed level of the Internet Protocol (IP) today, an IP address is a 32-bit number that identifies each sender or receiver of information that is sent in packets across the Internet. When you request an HTML page or send e-mail, the Internet Protocol part of TCP/IP includes your IP address in the message (actually, in each of the packets if more than one is required) and sends it to the IP address that is obtained by looking up the domain name in the Uniform Resource Locator you requested or in the e-mail address you're sending a note to. At the...

Words: 1361 - Pages: 6