Tuesday, January 31, 2012

IP Spoofing - The Untraceable HACK!

The term IP spoofing is a combination of two different words: IP + Spoofing.

IP refers to the connectionless protocol responsible for routing data packets over the network. Because it is connectionless, the sender receives no acknowledgement that the message arrived intact at the receiver. The term spoofing means that the attacker sends a message to a computer indicating that it has come from a trusted source. Hence IP spoofing is the technique of spoofing the identity of a trusted source (the victim) in order to gain access at the same privilege level the victim has.

Brief History of IP spoofing

In the April 1989 article entitled “Security Problems in the TCP/IP Protocol Suite”, author S. M. Bellovin of AT&T Bell Labs was among the first to identify IP spoofing as a real risk to computer networks. Bellovin describes how Robert Morris, creator of the now infamous Internet Worm, figured out how TCP created sequence numbers and forged a TCP packet sequence. This TCP packet included the destination address of his “victim” and using an IP spoofing attack Morris was able to obtain root access to his targeted system without a User ID or password.

A common misconception is that "IP spoofing" can be used to hide your IP address while surfing the Internet, chatting on-line, sending e-mail, and so forth. This is generally not true. Forging the source IP address causes the responses to be misdirected, meaning you cannot create a normal network connection. However, IP spoofing is an integral part of many network attacks that do not need to see responses (blind spoofing).

Detailed Overview of the attack

The heart of network connectivity over the internet is the TCP/IP protocol suite, which collectively describes how a connection is established and how data is transmitted over the network. Here I will briefly cover the aspects of IP and TCP that are exploited in order to perform the attack.

Here are the models of TCP and IP headers.

Examining the IP header, we can see that the first 12 bytes (or the top 3 rows of the header) contain various information about the packet. The next 8 bytes (the next 2 rows), however, contain the source and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses – specifically the “source address” field. It's important to note that each datagram is sent independently of all others due to the stateless nature of IP. Keep this fact in mind as we examine TCP in the next section.

As you can see above, a TCP header is very different from an IP header. We are concerned with the first 12 bytes of the TCP packet, which contain port and sequencing information. Much like an IP datagram, TCP packets can be manipulated using software. The source and destination ports normally depend on the network application in use (for example, HTTP via port 80). What's important for our understanding of spoofing are the sequence and acknowledgement numbers. The data contained in these fields ensures packet delivery by determining whether or not a packet needs to be resent. The sequence number is the number of the first byte in the current packet, which is relevant to the data stream. The acknowledgement number, in turn, contains the value of the next expected sequence number in the stream. This relationship confirms, on both ends, that the proper packets were received. It’s quite different than IP, since transaction state is closely monitored.

Obviously, it's very easy to mask a source address by manipulating an IP header. This technique is used for obvious reasons and is employed in several of the attacks discussed below. Another consequence, specific to TCP, is sequence number prediction, which can lead to session hijacking or host impersonation.
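The header layout described above can be made concrete with a small decoder. This is an added example, not code from the original post: it reads the first 12 bytes and the two address fields of an IPv4 header, then the first 12 bytes of the TCP header, and computes the acknowledgement number the receiver is expected to return. The function names and the sample packet are constructed for illustration.

```python
import socket
import struct

def parse_ipv4_tcp(packet: bytes) -> dict:
    """Decode the IPv4 and TCP header fields the text walks through."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    # First 12 bytes of the IP header: everything except the addresses.
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum = struct.unpack(
        "!BBHHHBBH", packet[:12])
    ihl = (ver_ihl & 0x0F) * 4             # header length in bytes
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("malformed IPv4 header")
    # Next 8 bytes: source and destination. Nothing in IP authenticates them.
    fields = {"src": socket.inet_ntoa(packet[12:16]),
              "dst": socket.inet_ntoa(packet[16:20]),
              "ttl": ttl, "proto": proto}
    if proto != 6:                          # 6 = TCP
        return fields
    tcp = packet[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    # First 12 bytes of TCP: ports, sequence number, acknowledgement number.
    sport, dport, seq, ack = struct.unpack("!HHII", tcp[:12])
    data_off, flags = (tcp[12] >> 4) * 4, tcp[13]
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad TCP data offset")
    # SYN (0x02) and FIN (0x01) each consume one sequence number, like a data byte.
    used = len(tcp) - data_off + bool(flags & 0x02) + bool(flags & 0x01)
    fields.update(sport=sport, dport=dport, seq=seq, ack=ack,
                  next_expected_ack=(seq + used) % 2**32)
    return fields

def build_sample(src, dst, seq, ack, flags, payload=b""):
    """Constructed test packet (checksums left at zero; they are not verified)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0x1234, 0x4000,
                     64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, seq, ack, 0x50, flags, 65535, 0, 0)
    return ip + tcp + payload

# Constructed sample: a PSH+ACK segment carrying 5 bytes of data.
SAMPLE = build_sample("192.0.2.10", "198.51.100.7", 1000, 5000, 0x18, b"GET /")
```

The receiver accepts a segment only when its sequence number fits the connection state, which is why the address field alone is not enough to impersonate a host over TCP.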

IP spoofing in brief consists of several interim steps:

• Selecting a target host (or victim).

• The trust relationships are reviewed to identify a host that has a “trust” relationship with the target host.

• The trusted host is then disabled and the target’s TCP sequence numbers are sampled.

• The trusted host is then impersonated, the sequence numbers forged (after being calculated).

• A connection attempt is made to a service that only requires address-based authentication (no user id or password).

• If a successful connection is made, the attacker executes a simple command to leave a


Some Common IP spoofing Attacks

Blind spoofing

It is the most sophisticated attack, in which the sequence and acknowledgement numbers are to be determined randomly. The attacker tries to send random packets to the victim in order to examine the pattern of sequence numbers. Modern operating systems use random sequence number generation techniques, which makes it very difficult to analyze the sequence and acknowledgement numbers by sending packets.

Non-Blind spoofing

This type of spoofing attack can be performed when both the victim and the attacker are on the same subnet. This is a plus point for the attacker, as the acknowledgement and sequence numbers can be sniffed, and hence the hard work of calculating and analyzing them manually is removed.

Man In the Middle Attack

This attack is well understood from its name itself. In this type of attack, two trusted sources are involved in a communication when the attacker spoofs the identity of one of the trusted sources. The attacker then controls the flow of communication between the two trusted sources and can even fool the recipient into giving up confidential information. The attacker can also manipulate the data transfer that is taking place between the two trusted sources.

Countermeasures to IP spoofing

The countermeasures to spoofing depend entirely on the type of attack and the network setup. Still, some of the basic measures that can be implemented to prevent an IP spoofing attack are encrypted authentication, packet filtering at the router, and application-based authentication.
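Packet filtering at the router comes down to checking whether a source address is plausible for the interface a packet arrived on. The following is an added example, not code from the original post: it models that decision for a border router. The interface names `wan` and `lan`, the site prefix and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Assumed site prefix (a documentation range standing in for the internal network).
SITE_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]
# Sources that should never arrive from the internet.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

def _in_any(addr, networks):
    return any(addr in net for net in networks)

def check_source(interface, src):
    """Return (verdict, reason) for a packet's source address on an interface."""
    addr = ipaddress.ip_address(src)
    if interface == "wan":
        # Ingress: an outside packet claiming an inside (trusted) address is forged.
        if _in_any(addr, SITE_PREFIXES):
            return ("drop", "internal source arriving from outside")
        if _in_any(addr, BOGONS):
            return ("drop", "non-routable source arriving from outside")
        return ("accept", "plausible external source")
    if interface == "lan":
        # Egress: hosts on this network may only send from the site prefix.
        if not _in_any(addr, SITE_PREFIXES):
            return ("drop", "source outside site prefix")
        return ("accept", "source within site prefix")
    raise ValueError(f"unknown interface: {interface}")

def dropped(packets):
    """Return the (interface, src) pairs the filter would drop."""
    return [p for p in packets if check_source(*p)[0] == "drop"]

# Constructed sample traffic: (arrival interface, claimed source address).
SAMPLE_PACKETS = [
    ("wan", "198.51.100.25"),   # ordinary external host
    ("wan", "192.0.2.10"),      # claims to be an internal, trusted host
    ("wan", "10.1.2.3"),        # private address from the internet
    ("lan", "192.0.2.44"),      # legitimate internal host
    ("lan", "203.0.113.9"),     # internal host sending with a foreign source
]
```

The ingress rule breaks the trusted-host impersonation described earlier, because a packet claiming an internal address can no longer enter from outside; the egress rule keeps the site's own hosts from originating spoofed traffic.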

IP Spoofing is a problem without an easy solution, since it’s inherent to the design of the TCP/IP suite. Understanding how and why spoofing attacks are used, combined with a few simple prevention methods, can help protect your network from these malicious cloaking and cracking techniques.

Feel Free to Ask Anything.
Hope you like it.
Enjoy and don’t forget to comment.



Anonymous said...

Bro, at least tell us the names of the tools... what's the use of only writing about the attacks...
