Important: Use custom search function to get better results from our thousands of pages

Use " " for compulsory search eg:"electronics seminar" , use -" " for filter something eg: "electronics seminar" -"/tag/" (used for exclude results from tag pages)
Tags: ip spoofing fire, ip spoofing file sharing, ip spoofing firewall, ip spoofing for mac, ip spoofing download, ip spoofing definition, ip spoofing detection, ip spoofing defense, ip spoofing demystified, on the state of ip spoofing defense, how is ip spoofing done, network hacking tools ip spoofing download, ip spoofing example, ip spoofing attack, ip spoofing app, ip spoofing attack rails, ip spoofing advantages, ip spoofing abstract, ip spoofing application, ip spoofing asa, ip spoofing advantages and disadvantages,
Ask More Info Of  A Seminar Ask More Info Of A Project Post Reply  Follow us on Twitter
28-10-2010, 11:05 AM
Post: #6
RE: ip spoofing seminar report

.pdf  Spoofing.pdf (Size: 224.21 KB / Downloads: 316)
Spoofing

IP Spoofing


• IP spoofing is the creation of TCP/IP packets with
somebody else's IP address in the header.
• Routers use the destination IP address to forward
packets, but ignore the source IP address.
• The source IP address is used only by the destination
machine, when it responds back to the source.
• When an attacker spoofs someone’s IP address, the
victim’s reply goes back to that address.
• Since the attacker does not receive packets back, this is
called a one-way attack or blind spoofing.
• To see the return packets, the attacker must intercept
them.
Misconception (IP spoofing)
• A
12-01-2011, 11:12 AM
Post: #7
RE: ip spoofing seminar report



.ppt  IP Spoofing.ppt (Size: 230 KB / Downloads: 165)
BY

ASHISH KUMAR

BT – IT

UNDER GUIDANCE OF

MRS.ASHA JYOTI



IP SPOOFING ?

IP Spoofing is a technique used to gain unauthorized access to computers.
IP: Internet Protocol
Spoofing: using somebody else’s information
Exploits the trust relationships
Intruder sends messages to a computer with an IP address of a trusted host.

WHY IP SPOOFING IS EASY ?

Problem with the Routers.
Routers look at Destination addresses only.
Authentication based on Source addresses only.
To change source address field in IP header field is easy

IP SPOOFING STEPS

Selecting a target host (the victim)
Identify a host that the target “trust”
Disable the trusted host, sampled the target’s TCP sequence
The trusted host is impersonated and the ISN forged.
Connection attempt to a service that only requires address-based authentication.
If successfully connected, executes a simple command to leave a backdoor.

Spoofing Attacks

Spoofing is classified into :-

1. Non-blind spoofing :
This attack takes place when the attacker is on the same subnet as the target that could see sequence and acknowledgement of packets.

2. Blind spoofing :
This attack may take place from outside where sequence and acknowledgement numbers are unreachable. Attackers usually send several packets to the target machine in order to sample sequence numbers, which is doable in older days .

3. Denial of Service Attack :
IP spoofing is almost always used in denial
of service attacks (DoS), in which attackers
are concerned with consuming bandwidth
and resources by flooding the target with as
many packets as possible in a short amount
of time.

4. SMURF ATTACK :
Send ICMP ping packet with spoofed IP source address to a LAN which will broadcast to all hosts on the LAN
Each host will send a reply packet to the spoofed IP address leading to denial of service

5. Man - in - the – middle :
Packet sniffs on link between the two
endpoints, and therefore can pretend to
be one end of the connection.


Detection of IP Spoofing

1. If you monitor packets using network-monitoring software such as netlog, look for a packet on your external interface that has both its source and destination IP addresses in your local domain. If you find one, you are currently under attack.

2. Another way to detect IP spoofing is to compare the process accounting logs between systems on your internal network. If the IP spoofing attack has succeeded on one of your systems, you may get a log entry on the victim machine showing a remote access; on the apparent source machine, there will be no corresponding entry for initiating that remote access .

IP-Spoofing Counter-measures

No insecure authenticated services
Disable commands like ping
Use encryption
Strengthen TCP/IP protocol
Firewall
IP trace back

IP Trace-back
To trace back as close to the attacker’s location as possible
Limited in reliability and efficiency
Require cooperation of many other network operators along the routing path
Generally does not receive much attention from network operators

Misconception of IP Spoofing
A common misconception is that "IP Spoofing" can
be used to hide your IP address while surfing the
Internet, chatting on-line, sending e-mail, and so
forth.

This is generally not true. Forging the source IP
address causes the responses to be misdirected,
meaning you cannot create a normal network
connection. However, IP spoofing is an integral part of
many networks that do not need to see responses.

IP-Spoofing Facts

IP protocol is inherently weak
Makes no assumption about sender/recipient
Nodes on path do not check sender’s identity
There is no way to completely eliminate IP spoofing
Can only reduce the possibility of attack

Applications

Asymmetric routing (Splitting routing)

SAT DSL

NAT

IP Masquerade

ADVANTAGES


Multiple Servers :
Sometimes you want to change where packets heading into your network will go. Frequently this is because you have only one IP address, but you want people to be able to get into the boxes behind the one with the `real' IP address.


Transparent Proxying :

Sometimes you want to pretend that each packet which passes through your Linux box is destined for a program on the Linux box itself. This is used to make transparent proxies: a proxy is a program which stands between your network and the outside world, shuffling communication between the two. The transparent part is because your network won't even know it's talking to a proxy, unless of course, the proxy doesn't work.

DISADVANTAGES

Blind to Replies :
A drawback to ip source address spoofing is that reply packet will go back to the spoofed ip address rather than to the attacker. This is fine for many type of attack packet. However in the scanning attack as we will see next the attacker may need to see replies .in such cases ,the attacker can not use ip address spoofing .

Serial attack platforms :
However, the attacker can still maintain anonymity by taking over a chain of attack hosts. The attacker attacks the target victim using a point host-the last host in the attack chain .Even if authorities learn the point host’s identity .They might not be able to track the attack through the chain of attack hosts all the way back to the attackers base host.

CONCLUSION

IP spoofing attacks is unavoidable.

Understanding how and why spoofing attacks are used, combined with a few simple prevention methods, can help protect your network from these malicious cloaking and cracking techniques.



01-03-2011, 11:27 AM
Post: #8
RE: ip spoofing seminar report
PRESENTED BY:
ASHISH KUMAR


.ppt  IP Spoofing111111.ppt (Size: 218 KB / Downloads: 95)
IP Spoofing
• IP Spoofing is a technique used to gain unauthorized access to computers.
– IP: Internet Protocol
– Spoofing: using somebody else’s information
• Exploits the trust relationships
• Intruder sends messages to a computer with an IP address of a trusted host.
WHY IP SPOOFING IS EASY ?
• Problem with the Routers.
• Routers look at Destination addresses only.
• Authentication based on Source addresses only.
• To change source address field in IP header field is easy
IP SPOOFING STEPS
• Selecting a target host (the victim)
• Identify a host that the target “trust”
• Disable the trusted host, sampled the target’s TCP sequence
• The trusted host is impersonated and the ISN forged.
• Connection attempt to a service that only requires address-based authentication.
• If successfully connected, executes a simple command to leave a backdoor.
Spoofing Attacks
Spoofing is classified into :-

1. Non-blind spoofing :
This attack takes place when the attacker is on the same subnet as the target that could see sequence and acknowledgement of packets.
2. Blind spoofing :
This attack may take place from outside where sequence and acknowledgement numbers are unreachable. Attackers usually send several packets to the target machine in order to sample sequence numbers, which is doable in older days .
3. Denial of Service Attack :
IP spoofing is almost always used in denial of service attacks (DoS), in which attackers
are concerned with consuming bandwidth and resources by flooding the target with as
many packets as possible in a short amount of time
4. SMURF ATTACK :
 Send ICMP ping packet with spoofed IP source address to a LAN which will broadcast to all hosts on the LAN
 Each host will send a reply packet to the spoofed IP address leading to denial of service
5. Man - in - the – middle :
 Packet sniffs on link between the two
 endpoints, and therefore can pretend to
 be one end of the connection.
03-03-2011, 03:06 PM
Post: #9
RE: ip spoofing seminar report
PRESENTED BY :
Prashant Singh


.ppt  myspoofing_presentation.ppt (Size: 3.77 MB / Downloads: 133)
ip spoofing
What is IP Spoofing?
 IP spoofing is a technique used to gain unauthorized access to computers, where by the attacker sends messages to a computer with a forging IP address indicating that the message is coming from a trusted host
 Attacker puts an internal, or trusted, IP address as its source. The access control device sees the IP address as trusted and lets it through
When Spoofing occurs?
 IP spoofing occurs when a hacker inside or outside a network impersonates the conversations of a trusted computer.
 Two general techniques of IP spoofing:
• A hacker uses an IP address that is within the range of trusted IP addresses.
• A hacker uses an authorized external IP address that is trusted
3-Way Handshake in TCP/IP
 The client selects and transmits an initial sequence number ISNC ,the server acknowledges it and sends its own sequence number ISNS ,and the client acknowledges it.
 The exchange may show schematically as follows
CàS: SYN(ISNC)
SàC: SYN(ISNS) , ACK(ISNC)
CàS: ACK(ISNS)
CàS: DATA
OR
SàC: DATA

How Spoofing take place?
 Suppose, there is a way for an intruder X to predict ISNS .In this case , it could send the following sequence to impersonate trusted host T :
XàS: SYN(ISNX ) , SRC=T
SàT: SYN(ISNS) , ACK(ISNX)
XàS: ACK(ISNS) , SRC=T
XàS: ACK(ISNS) , SRC=T , nasty data

• Basic Concept of IP Spoofing
• IP Spoofing
• Why IP Spoofing is so easy?
 Problem with the Routers.
 Routers look at Destination addresses only.
 Authentication based on Source addresses only.
 To change source address field in IP header field is easy by the use of the software.
• Types of Spoofing Attack
The number of IP Spoofing attacks are:
 Non-Blinding Attack
This attack take place when the Victim and the Attacker are on the same network.
 In this the we have to make the assumption to find the sequence number passed from Target to Victim.
• Non- Blinding Spoofing
• Spoofing Attacks
 Blind Spoofing
 It is mainly used to abuse the trust relationship between hosts.
 Today, most OSs implement random sequence number generation, making it difficult to predict them accurately.
 In this many packet are sent to the victim
• Spoofing Attacks:
• Blinding Attack
• Spoofing Attacks:
 Man in the Middle Attack( Connection Hijacking)
 In this the attacker control the gateway that is in the delivery route, he can
• sniff the traffic
• intercept / block / delay traffic
• modify traffic:
Spoofing Attacks:
 ICMP Echo attacks
• Map the hosts of a network
The attack sends ICMP echo datagram to all the hosts in a subnet, then he collects the replies and determines which hosts are alive.
• Denial of service attack (SMURF attack)
The attack sends spoofed (with victim‘s IP address) ICMP Echo Requests to subnets, the victim will get ICMP Echo Replies from every machine.
Smurf Attack
Spoofing Attacks:

 ICMP Redirect attacks
• ICMP redirect messages can be used to re-route traffic on specific routes or to a specific host that is not a router at all.
• The ICMP redirect attack is very simple: just send a spoofed ICMP redirect message that appears to come from the host‘s default gateway.
ICMP Redirect attacks
ICMP destination unreachable attacks

 ICMP destination unreachable message is used by gateways to state that the datagram cannot be delivered. It can be used to “cut” out nodes from the network. It is a denial of service attack (DOS)
Example:
An attacker injects many forged destination unreachable messages stating that 100.100.100.100 is unreachable) into a subnet (e.g. 128.100.100.*). If someone from the 128.100.100.* net tries to contact 100.100.100.100, he will immediately get an ICMP Time Exceeded from the attacker‘s host. For 128.100.100.* this means that there is no way to contact 100.100.100.100, and therefore communication fails.
ICMP destination unreachable attacks
Stopping IP address spoofing attack
Packet filtering
The router that connects a network to another network is known as a border router. One way to mitigate the threat of IP spoofing is by inspecting packets when they leave and enter a network looking for invalid source IP addresses. If this type of filtering were performed on all border routers, IP address spoofing would be greatly reduced.
• Ingress Filtering
• Egress Filtering
Packet filtering
Detection of IP Spoofing

 If you monitor packets using network-monitoring software such as netlog, look for a packet on your external interface that has both its source and destination IP addresses in your local domain. If you find one, you are currently under attack
Detection of IP Spoofing
 Another way to detect IP spoofing is to compare the process accounting logs between systems on your internal network. If the IP spoofing attack has succeeded on one of your systems, you may get a log entry on the victim machine showing a remote access; on the apparent source machine, there will be no corresponding entry for initiating that remote access
How we prevent IP Spoofing?
To prevent IP spoofing happen in your network, the following are some common practices:
1- Avoid using the source address authentication. Implement cryptographic authentication system-wide.
2- Configuring your network to reject packets from the Net that claim to originate from a local address.
3- Implementing ingress and egress filtering on the border routers and implement an ACL (access control list) that blocks private IP addresses on your downstream interface.
If you allow outside connections from trusted hosts, enable encryption sessions
Our Misconception
Software for IP Spoofing

 Mac Spoofing
 Macaroni Screen Saver Bundle
 SpoofMAC
 sTerm
 MAC Change
Software to Stop IP Spoofing
 StopCut
 Find Mac Address pro
 SecurityGateway for Exchange / SMTP
 PacketCreator
 Responder Pro
21-03-2011, 04:23 PM
Post: #10
RE: ip spoofing seminar report

.doc  IP address spoofing.doc (Size: 200 KB / Downloads: 119)
IP address spoofing
In computer networking, the term IP address spoofing or IP spoofing refers to the creation of Internet Protocol (IP) packets with a forged source IP address, called spoofing, with the purpose of concealing the identity of the sender or impersonating another computing system.
Background
The basic protocol for sending data over the Internet network and many other computer networks is the Internet Protocol ("IP"). The header of each IP packet contains, among other things, the numerical source and destination address of the packet. The source address is normally the address that the packet was sent from. By forging the header so it contains a different address, an attacker can make it appear that the packet was sent by a different machine. The machine that receives spoofed packets will send response back to the forged source address, which means that this technique is mainly used when the attacker does not care about the response or the attacker has some way of guessing the response.
In certain cases, it might be possible for the attacker to see or redirect the response to his own machine. The most usual case is when the attacker is spoofing an address on the same LAN or WAN. Hence the attackers have an unauthorized access over computers.
History
The concept of IP spoofing, was initially discussed in academic circles in the 1980's. While known about for sometime, it was primarily theoretical until Robert Morris, whose son wrote the first Internet Worm, discovered a security weakness in the TCP protocol known as sequence prediction. Stephen Bellovin discussed the problem in-depth in Security Problems in the TCP/IP Protocol Suite, a paper that addressed design problems with the TCP/IP protocol suite. Another infamous attack, Kevin Mitnick's Christmas Day crack of Tsutomu Shimomura's machine, employed the IP spoofing and TCP sequence prediction techniques. While the popularity of such cracks has decreased due to the demise of the services they exploited, spoofing can still be used and needs to be addressed by all security administrators.
Applications
IP spoofing is most frequently used in denial-of-service attacks. In such attacks, the goal is to flood the victim with overwhelming amounts of traffic, and the attacker does not care about receiving responses to the attack packets. Packets with spoofed addresses are thus suitable for such attacks. They have additional advantages for this purpose—they are more difficult to filter since each spoofed packet appears to come from a different address, and they hide the true source of the attack. Denial of service attacks that use spoofing typically randomly choose addresses from the entire IP address space, though more sophisticated spoofing mechanisms might avoid unroutable addresses or unused portions of the IP address space. The proliferation of large botnets makes spoofing less important in denial of service attacks, but attackers typically have spoofing available as a tool, if they want to use it, so defenses against denial-of-service attacks that rely on the validity of the source IP address in attack packets might have trouble with spoofed packets. Backscatter, a technique used to observe denial-of-service attack activity in the Internet, relies on attackers' use of IP spoofing for its effectiveness.
IP spoofing can also be a method of attack used by network intruders to defeat network security measures, such as authentication based on IP addresses. This method of attack on a remote system can be extremely difficult, as it involves modifying thousands of packets at a time. This type of attack is most effective where trust relationships exist between machines. For example, it is common on some corporate networks to have internal systems trust each other, so that users can log in without a username or password provided they are connecting from another machine on the internal network (and so must already be logged in). By spoofing a connection from a trusted machine, an attacker may be able to access the target machine without an authentication.
Why Spoof the IP Source Address?
What is the advantage of sending a spoofed packet? It is that the sender has some kind of malicious intention and does not want to be identified. You can use the source address in the header of an IP datagram to trace the sender's location. Most systems keep logs of Internet activity, so if attackers want to hide their identity, they need to change the source address. The host receiving the spoofed packet responds to the spoofed address, so the attacker receives no reply back from the victim host. But if the spoofed address belongs to a host on the same subnet as the attacker, then the attacker can "sniff" the reply. You can use IP spoofing for several purposes; for some scenarios an attacker might want to inspect the response from the target victim (called "nonblind spoofing"), whereas in other cases the attacker might not care (blind spoofing). Following is a discussion about reasons to spoof an IP packet.
Internet Protocol – IP
Internet protocol (IP) is a network protocol operating at layer 3 (network) of the OSI model. It is a connectionless model, meaning there is no information regarding transaction state, which is used to route packets on a network. Additionally, there is no method in place to ensure that a packet is properly delivered to the destination.
Examining the IP header, we can see that the first 12 bytes (or the top 3 rows of the header) contain various information about the packet. The next 8 bytes (the next 2 rows), however, contains the source and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses – specifically the “source address” field. It's important to note that each datagram is sent independent of all others due to the stateless nature of IP. Keep this fact in mind as we examine TCP in the next section.
Transmission Control Protocol – TCP
IP can be thought of as a routing wrapper for layer 4 (transport), which contains the Transmission Control Protocol (TCP). Unlike IP, TCP uses a connection-oriented design. This means that the participants in a TCP session must first build a connection - via the 3-way handshake (SYN-SYN/ACK-ACK) - then update one another on progress - via sequences and acknowledgements. This “conversation”, ensures data reliability, since the sender receives an OK from the recipient after each packet exchange.
As you can see above, a TCP header is very different from an IP header. We are concerned with the first 12 bytes of the TCP packet, which contain port and sequencing information. Much like an IP datagram, TCP packets can be manipulated using software. The source and destination ports normally depend on the network application in use (for example, HTTP via port 80). What's important for our understanding of spoofing are the sequence and acknowledgement numbers. The data contained in these fields ensures packet delivery by determining whether or not a packet needs to be resent. The sequence number is the number of the first byte in the current packet, which is relevant to the data stream. The acknowledgement number, in turn, contains the value of the next expected sequence number in the stream. This relationship confirms, on both ends, that the proper packets were received. It’s quite different than IP, since transaction state is closely monitored.
Consequences of the TCP/IP Design
Now that we have an overview of the TCP/IP formats, let's examine the consequences. Obviously, it's very easy to mask a source address by manipulating an IP header. This technique is used for obvious reasons and is employed in several of the attacks discussed below. Another consequence, specific to TCP, is sequence number prediction, which can lead to session hijacking or host impersonating. This method builds on IP spoofing, since a session, albeit a false one, is built. We will examine the ramifications of this in the attacks discussed below.
Spoofing Attacks
There are a few variations on the types of attacks that successfully employ IP spoofing. Although some are relatively dated, others are very pertinent to current security concerns.
Non-Blind Spoofing
This type of attack takes place when the attacker is on the same subnet as the victim. The sequence and acknowledgement numbers can be sniffed, eliminating the potential difficulty of calculating them accurately. The biggest threat of spoofing in this instance would be session hijacking. This is accomplished by corrupting the datastream of an established connection, then re-establishing it based on correct sequence and acknowledgement numbers with the attack machine. Using this technique, an attacker could effectively bypass any authentication measures taken place to build the connection.
Blind Spoofing
This is a more sophisticated attack, because the sequence and acknowledgement numbers are unreachable. In order to circumvent this, several packets are sent to the target machine in order to sample sequence numbers. While not the case today, machines in the past used basic techniques for generating sequence numbers. It was relatively easy to discover the exact formula by studying packets and TCP sessions. Today, most OSs implement random sequence number generation, making it difficult to predict them accurately. If, however, the sequence number was compromised, data could be sent to the target. Several years ago, many machines used host-based authentication services (i.e. Rlogin). A properly crafted attack could add the requisite data to a system (i.e. a new user account), blindly, enabling full access for the attacker who was impersonating a trusted host.
Rating ip spoofing seminar report Options
Share ip spoofing seminar report To Your Friends :- Seminar Topics Bookmark
Post Reply 

Marked Categories : ppt on internet protocol ip spoofing, ip spoofing presentation download, ip spoffing report, ip spoofing doc, ip spoofing detail seminar report and pdf, technical seminar 0n ipspoofing, ip spoofing abstract, argue that any network using proxy arp is vulnerable to spoofing i e an arbitrary machine can impersonate any other machine, ip spoofing project code, ip spoofing paper presentation, ip spoofing report, seminar topic for ip address in ppt, web and ip spoofing advantages, download ip spoofing, seminar report of ip spoofing, seminar report on ip spoofing, ip spoofing seminar documentation, abstract for ip spoofing, abstract and introduction toip spoofing,

[-]
Quick Reply
Message
Type your reply to this message here.


Image Verification
Image Verification
(case insensitive)
Please enter the text within the image on the left in to the text box below. This process is used to prevent automated posts.

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  CLOUD COMPUTING A SEMINAR REPORT seminar code 0 11 Today 02:31 PM
Last Post: seminar code
  Digital Tampering Detection Techniques: A Review seminar report project maker 0 12 Today 01:58 PM
Last Post: project maker
  SEMINAR REPORT ON SLAMMER WORM: THE FASTEST SPREADING BOMBSHELL ON THE INTERNET seminar code 0 13 Today 11:53 AM
Last Post: seminar code
  REISCHUK’S RANDOMIZED ALGORITHM SEMINAR REPORT seminar code 0 37 Yesterday 12:46 PM
Last Post: seminar code
  AN ATM WITH AN EYE SEMINAR REPORT seminar code 0 23 Yesterday 11:46 AM
Last Post: seminar code
  Remote Method Invocation (RMI) report project girl 1 400 Yesterday 01:43 AM
Last Post: Guest
  THE STUDY SEMINAR REPORT project maker 0 22 18-08-2014 02:11 PM
Last Post: project maker
  INTERNATIONAL COMPENSATION SEMINAR REPORT project maker 0 34 18-08-2014 01:03 PM
Last Post: project maker
  LIFE INSURANCE SEMINAR REPORT project maker 0 34 18-08-2014 12:47 PM
Last Post: project maker
  GOOGLE PROJECT GLASSES SEMINAR REPORT project maker 0 21 18-08-2014 11:42 AM
Last Post: project maker
This Page May Contain What is ip spoofing seminar report And Latest Information/News About ip spoofing seminar report,If Not ...Use Search to get more info about ip spoofing seminar report Or Ask Here

Options: