IP Spoofing

Sometimes on the internet, a girl named Alice is really a man named Yves

Sources

Overview

TCP/IP in 3 minutes or less

Layer stack: Application / Transport (TCP) / Interweb (IP) / Network Access / Physical

Client (using Mozilla) talking to some web server, layer by layer:
Application: HTTP - GET
Transport: TCP – Port 80
Interweb: IP – 10.24.1.1
Network Access: MAC – 00:11:22:33:44:55
Physical: 1101001001110100110100110101

But what happens if someone is lying??

IP Spoofing – Basic Overview

IP Spoofing – The Reset

Participants: Victim - Bob, Sucker - Alice, Attacker - Eve

1. SYN – Let’s have a conversation
2. SYN ACK – Sure, what do you want to talk about?
3. RESET – Umm.. I have no idea why you are talking to me
4. No connection – Guess I need to take Bob out of the picture…

IP Spoofing – Mitnick Attack

Mitnick Attack

Participants: Server, Workstation, Kevin Mitnick

1. Mitnick floods the server’s login port so it can no longer respond
2. Mitnick probes the workstation to determine the behaviour of its TCP sequence number generator
3. Mitnick discovers that the TCP sequence number is incremented by 128000 with each new connection
4. Mitnick forges a SYN from the server to the terminal
5. The terminal responds with an ACK, which is ignored by the flooded port (and not visible to Mitnick)
6. Mitnick fakes the ACK using the proper TCP sequence number
7. Mitnick has now established a one way communications channel
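
The weakness in step 3 can be checked for on a host you administer. The following is an added example, not part of the original slides: it takes initial sequence numbers (ISNs) recorded from successive new connections and reports whether most of them differ by one fixed step. The function names, threshold values and both sample lists are assumptions constructed for illustration.

```python
from collections import Counter

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def isn_deltas(isns):
    """Differences between consecutive ISNs, modulo 2**32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def audit_isns(isns, min_deltas=4, threshold=0.8):
    """Classify an ISN generator from ISNs seen on successive new connections.

    Returns (verdict, dominant_step, share_of_deltas_equal_to_that_step).
    min_deltas and threshold are assumed tuning values, not standard ones.
    """
    deltas = isn_deltas(isns)
    if len(deltas) < min_deltas:
        return ("insufficient-data", None, 0.0)
    step, hits = Counter(deltas).most_common(1)[0]
    share = hits / len(deltas)
    verdict = "predictable" if share >= threshold else "no-fixed-step"
    return (verdict, step, share)


# Constructed sample: a generator that adds 128000 per connection, crossing
# the 32-bit wrap between the second and third values.
FIXED_STEP = [4294800000, 4294928000, 88704, 216704, 344704, 472704]
# Constructed sample: arbitrary values standing in for a randomised generator.
RANDOMISED = [3021984771, 118822390, 2750019348, 991237765, 4100238871, 1620043312]

if __name__ == "__main__":
    for name, sample in (("fixed-step", FIXED_STEP), ("randomised", RANDOMISED)):
        print(name, audit_isns(sample))
```

A "no-fixed-step" verdict only rules out the constant-increment case; it is not evidence that the generator is random.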

Mitnick Attack – Why it worked

IP Spoofing - Session Hijack

Session Hijack

Participants: Alice, Bob, Eve ("I’m Bob!", "I’m Alice!")

1. Eve assumes a man-in-the-middle position through some mechanism. For example, Eve could use ARP poisoning, social engineering, router hacking, etc.
2. Eve can monitor traffic between Alice and Bob without altering the packets or sequence numbers.
3. At any point, Eve can assume the identity of either Bob or Alice through the spoofed IP address. This breaks the pseudo connection, as Eve will start modifying the sequence numbers.

IP Spoofing – DoS/DDoS

DoS Attack

[Diagram: the Attacker, using fake IPs, sends a flood of requests across the Interweb to the Server, while Legitimate Users send service requests. Server queue full, legitimate requests get dropped.]

DDoS Attack

Participants: Attacker, Server (already DoS’d), Target Servers, Interweb

1. Attacker makes a large number of SYN connection requests to target servers on behalf of a DoS’d server
2. Servers send SYN ACK to the spoofed server, which cannot respond as it is already DoS’d. Queues quickly fill, as each connection request will have to go through a process of sending several SYN ACKs before it times out

[Diagram: SYNs go from the Attacker to the Target Servers; SYN ACKs go to the Server (already DoS’d); Queue Full.]

IP Spoofing – Defending

IP Spoofing continues to evolve

Conclusion

Questions?

IP header (bit positions 0, 16, 31)
  Version | IHL | Type of Service | Total Length
  Identification | Flags | Fragment Offset
  Time to Live | Protocol | Header Checksum
  Source Address
  Destination Address
  Options and Padding
Stolen from: http://tarpit.rmc.ca/knight/EE579/mitnik.ppt

TCP header (bit positions 0, 16, 31)
  Source Port | Destination Port
  Sequence Number
  Acknowledgement Number
  Data Offset | Reserved | Flags | Window
  Checksum | Urgent Pointer
  Options and Padding
Stolen from: http://tarpit.rmc.ca/knight/EE579/mitnik.ppt

TCP Sequence Numbers

Client: Start SEQ - 1892, End SEQ - 1942
Server: Start SEQ - 15562, End SEQ - 15587

1. Client transmits 50 bytes: SEQ – 1892, ACK – 15562, Size - 50
2. Server transmits 20 bytes: SEQ – 15562, ACK – 1942, Size - 25
3. Client ACKs, sends no data: SEQ – 1942, ACK – 15587, Size - 0
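
The bookkeeping in this exchange is what a receiver or a network monitor relies on to notice a segment that does not belong to the stream, which is the desynchronisation the Session Hijack slide mentions. The following is an added example, not part of the original slides: it replays the three segments using the Size values from the diagram and flags anything out of state. The `Segment` type, `check_stream` and the fourth segment are assumptions constructed for illustration.

```python
from dataclasses import dataclass

MOD = 2 ** 32  # sequence numbers wrap at 32 bits


@dataclass
class Segment:
    sender: str  # "client" or "server"
    seq: int     # sequence number of the first payload byte
    ack: int     # next byte the sender expects from its peer
    size: int    # payload bytes carried


def check_stream(start_seq, segments):
    """Replay segments in order; return (next_seq per side, anomalies).

    Simplified model (assumption): no loss, no reordering, no SYN/FIN
    accounting, so every segment must start exactly at its sender's next_seq.
    """
    next_seq = dict(start_seq)
    anomalies = []
    for n, s in enumerate(segments, 1):
        peer = "server" if s.sender == "client" else "client"
        if s.seq != next_seq[s.sender]:
            anomalies.append((n, f"SEQ {s.seq}, expected {next_seq[s.sender]}"))
            continue  # an out-of-state segment must not advance the stream
        ahead = (s.ack - next_seq[peer]) % MOD
        if 0 < ahead < MOD // 2:
            anomalies.append((n, f"ACK {s.ack} covers bytes never sent"))
        next_seq[s.sender] = (s.seq + s.size) % MOD
    return next_seq, anomalies


START = {"client": 1892, "server": 15562}
# The three segments from the slide, with the sizes shown on its arrows.
SLIDE_EXCHANGE = [
    Segment("client", 1892, 15562, 50),
    Segment("server", 15562, 1942, 25),
    Segment("client", 1942, 15587, 0),
]
# Constructed: a fourth segment claiming to be the client but carrying a
# sequence number the real client never reached.
OUT_OF_STATE = Segment("client", 5000, 15587, 10)

if __name__ == "__main__":
    print(check_stream(START, SLIDE_EXCHANGE))
    print(check_stream(START, SLIDE_EXCHANGE + [OUT_OF_STATE]))
```

Replaying the slide's own segments ends at the End SEQ values it shows (1942 and 15587) with no anomalies; the constructed fourth segment is reported and leaves the tracked state unchanged.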
