...IP Spoofing, Cisco Systems, The Internet Protocol Journal, Volume 10, No. 4 (December 2007). Layers above IP use the source address in an incoming packet to identify the sender. To communicate with the sender, the receiving station sends a reply by using the source address in the datagram. Because IP makes no effort to validate whether the source address in the packet generated by a node is actually the source address of the node, you can spoof the source address and the receiver will think the packet is coming from that spoofed address. Many programs for preparing spoofed IP datagrams are available for free on the Internet; for example, hping lets you prepare spoofed IP datagrams with just a one-line command, and you can send them to almost anybody in the world. You can spoof at various network layers; for example, you can use Address Resolution Protocol (ARP) spoofing to divert the traffic intended for one station to someone else. The Simple Mail Transfer Protocol (SMTP) is also a target for spoofing; because SMTP does not verify the sender's address, you can send any email to anybody pretending to be someone else. This article focuses on the various types of attacks that involve IP spoofing on networks...
Words: 3181 - Pages: 13
...Information Security Threats Mitigation By Francis Nsofwa Mubanga Keller Graduate School of Management Devry University Professor Sandra Kirkland SE572 July 14th, 2011 Table of Contents Introduction 1 Steps 1 Denial-of-Service attacks (DoS) 1 Distributed Denial-of-Service attacks (DDoS) 1 Masquerading and IP Spoofing attacks 2 Smurf attacks 2 Land .c attacks 2 Man-in-the-Middle attacks 3 Conclusion 3 References 4 Introduction Our company faces the largest information security threat and we need to take steps to mitigate the risks associated with each one of them. Steps Denial-of-Service attacks (DoS) We will analyze the attack as best as we can and implement the correct defense. We will ask ourselves if there are any common packet signatures that are easy to filter against. We will ask ourselves if all attackers are hitting a single target and if it can be sacrificed. We will also need to find out which network the attack is coming from, and if we can verify it (remember that spoofed packets can come from anywhere, including our own network). Once we’ve found a reasonable match for the attack, we will pass the filters to our upstream provider(s) and seek their help getting them propagated outwards. We will need to make sure we filter or redirect traffic with a minimum amount of actual downtime (Kaeo, 2004). Distributed Denial-of-Service attacks (DDoS) CluB: a Cluster-Based architecture is the method we will use to prevent DDoS attacks...
Words: 789 - Pages: 4
...226 IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 9, NO. 3, JUNE 2001 Network Support for IP Traceback Stefan Savage, David Wetherall, Member, IEEE, Anna Karlin, and Tom Anderson Abstract--This paper describes a technique for tracing anonymous packet flooding attacks in the Internet back toward their source. This work is motivated by the increased frequency and sophistication of denial-of-service attacks and by the difficulty in tracing packets with incorrect, or "spoofed," source addresses. In this paper, we describe a general purpose traceback mechanism based on probabilistic packet marking in the network. Our approach allows a victim to identify the network path(s) traversed by attack traffic without requiring interactive operational support from Internet Service Providers (ISPs). Moreover, this traceback can be performed "post mortem"--after an attack has completed. We present an implementation of this technology that is incrementally deployable, (mostly) backward compatible, and can be efficiently implemented using conventional technology. Index Terms--Computer network management, computer network security, network servers, stochastic approximation, wide-area networks. I. INTRODUCTION DENIAL-OF-SERVICE attacks consume the resources of a remote host or network, thereby denying or degrading service to legitimate users. Such attacks are among the hardest security problems to address because they are simple to implement, difficult to prevent, and very difficult...
Words: 11860 - Pages: 48
...they never would have imagined. A financial auditor performing their daily tasks identified an error within the company’s financial amounts. They identified that multiple paychecks with modified amounts were sent to an individual. In their attempts to notify appropriate personnel via email, the emails were sniffed; modified and fictitious communications were conducted between the auditor and the attacker. The attacker was then able to gain additional access into more financial records, whereby more modifications were conducted, including the president’s and others’ salaries; the attacker then took those deductions and added them to their own paycheck. IT personnel were able to identify that an internal system was conducting a man-in-the-middle attack by spoofing an internal Internet Protocol address, whereby all traffic that was sent to a specific location was involuntarily sent to another system. The culprit was a lack of access controls, central reporting systems, authentication controls, and host-based intrusion prevention systems. These controls and systems would have prevented this type of attack, or at a minimum detected it, and could have saved the company many hours of labor costs. -Identify who needs to be notified based on the type and severity of the incident: In incidents such as this, Management must be notified and kept abreast of the situation each step of the way, as they will ultimately be held responsible if fault is identified on their end. The Computer Emergency...
Words: 2798 - Pages: 12
...-Describe the nature of the event: A highly technical interference was discovered in the organization's financial reports that rounds off several stealthy methods which put the company at great risk. This discovery was the result of an audit carried out by professionals on a routine basis. They noticed that many paychecks which had been doctored were made to a particular person. In a bid to notify the right personnel through mail, the mails were intercepted and fraudulent communications were conducted between the auditor and the attacker. Through this the attacker then gained access to a lot of financial records and altered them, adding the name of the president and that of others in order to deduct money from theirs to add to their own paycheck. However, the IT personnel were able to dictate that an internal system had done a middle man attack through an internal Internet Protocol address, whereby all traffic meant for a particular location was sent to another system unknowingly. The suspect didn't have the right access controls, central reporting systems, authentication controls, and host-based intrusion prevention systems. These controls and systems are actually meant to act as a guard against this kind of attack and save the company several hours of labor costs. -Who should be notified? In cases like this, the top hierarchy should be alerted and kept informed of the case when any move is made, because everything stops at their table. The Computer Emergency Response Team or...
Words: 2778 - Pages: 12
...protection from this type of attack. Spoofing: In 2006 banks were targeted by attackers with a spoofing attack. An article written by McMillan (2006) stated that the attackers were able to hack into the banks' ISP servers and redirect traffic from the legitimate banks' websites to a bogus server. The attackers were able to affect about 20 customers by getting them to enter PINs and other personal information (para. 2). There is an article by Zetter (2012) in which a mathematician noticed that several technology companies and other types of companies used a weak DomainKeys Identified Mail (DKIM) key that he was able to break and then use to pretend to be high-up personnel in that company. In our report we noted you had in-house servers and the firewalls seem properly configured for outside attacks. In 2014, AOL had its mail service attacked, and the attackers used the email address book to send spam to everyone in the address book as the owner of the email. Spoofing is still a viable attack, and even with a properly configured network and validation methods, human error is still a major contributing factor to spoofing. The major threat here comes from employees surfing the internet, such as Facebook, and answering personal emails. Under the right conditions, a spoofing attack can be extremely dangerous and the credentials stolen can lead to serious system impact. The major financial loss will come from the public perception of a spoofing attack. Exposure...
Words: 2034 - Pages: 9
...the PS3, so you get a degradation of signal and loss of data packets as the connection goes on. 2. If a previously stated standard is not compatible with your adapter, you could have issues with your connection not connecting. Lab 6.3 Review 1. Um, well, I could write a book, but simply a guest having access to your network could result in any imaginable results on your network; to name a few: rootkits, Trojan droppers, Remote Access Terminals, keyloggers, viruses. 2. Setting a MAC filter is a good way to filter who has access to your network; it's simply like saying Fred has access to the building with his fingerprint being scanned by a biometric scanner. Although this can be spoofed by spoofing your MAC, you would still have to find out which MACs are allowed and have to make sure the MAC you're spoofing is not connected so that you do not receive a duplicate error. Lab Review 6.4 1. An AP's signal would fade naturally the farther from the signal source you go, but with the signal going through walls it will further degrade depending on the thickness of the wall. So you would have to account for walls or objects that could further degrade your signal from the source. 2. A student in classroom B connects to AP3. The student in classroom A will connect to AP2. A...
Words: 393 - Pages: 2
...The things in this summary include the demonstration and capabilities of GPS Dots, wave bubbles, and GPS Spoofs. GPS Dots are little dots the size of your thumb that have the capability to track down the things they are attached to. This is helpful to find the things that are valuable and essential. It is predicted that in the next few years, everyone would have lots of GPS dots for everything they need. Wave bubbles are invisible “bubbles” that stretch for miles and jam or disable the transmissions that are sent from satellites, to prevent a person from seeing where you go or what you do. They also prevent satellites from giving information to GPS signal receivers. Wave bubbles are illegal to use. GPS Spoofs are devices that are easily assembled and target GPS receivers, sending bogus information to make the GPS show information that is not sent by the satellite but sent from the GPS Spoof device. This is used to hack others' GPS. GPS affects my life a little. It helps me to find places where I want to go (by my iPod), like going to a store or my friend's house, or finding where my friend is (by the app called “Find My iPhone”, where another iOS device can find your device and data). For my parents, it helps them go to places they have never been before, and helps them go to their work places or university (since it is far). For my whole family, we usually use it for recreational purposes, like finding restaurants or theatres. GPS dots would affect me greatly...
Words: 514 - Pages: 3
...Firewalls protecting a single computer are called host-based firewalls, software firewalls or client firewalls. While there are many ways to categorize perimeter firewalls, perhaps the most effective way is to look at them in terms of functionality. From a functional standpoint, firewalls can be divided into Access Control List based, State Based and Application Proxy firewalls. The easiest way to understand the Access Control based firewall is to consider the fact that they can restrict traffic based on the source IP address of the packet. You would not want a packet coming in from the outside that has an IP address that should be INSIDE your organization. This might be from someone using a “SPOOFED” source IP address to attack your internal network resources. If you were receiving numerous packets from a single IP address, this might be from someone trying to perform a Denial of Service (DoS) attack on you. Obviously you would want to block traffic from that IP address. Sometimes this functionality is used to divide departments inside an organization as well. For instance, you might want to block the ‘students’ part of your network from the ‘administration’ part of your network in a college or university. 1 In a State Based firewall, the firewall keeps track of all outgoing requests coming from inside the network. It keeps them in an area of memory called the ‘state table’. When an...
Words: 421 - Pages: 2
...threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains. 1. What are the differences between ZeNmap GUI (Nmap) and Nessus? ZeNmap is used to map a network and Nessus is used to test a network for vulnerabilities. 2. Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure? Nmap's sole purpose is just that, network probing and recon. 3. Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps? Nessus would be a better tool for this operation. While you can find network vulnerabilities with Nmap, it is not used as such. 4. How many total scripts (i.e., test scans) does the Intense Scan using ZenMap GUI perform? Port Scanning, OS detection, Version detection, Network Distance, TCP sequence prediction, Traceroute. 5. From the ZenMap GUI pdf report page 6, what ports and services are enabled on the Cisco Security Appliance device? 443/tcp open ssl/http, No exact OS matches for host, Aggressive OS guesses: Cisco Catalyst 1900 Switch, Software v9.00.03 (89%). 6. What is the source IP address of the Cisco Security Appliance device (refer to page 6 of the pdf report)? Nmap scan report for 172.30.0.1 7. How...
Words: 310 - Pages: 2
...On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 6 IP source address spoofing has plagued the Internet for many years. Attackers spoof source addresses to mount attacks and redirect blame. Researchers have proposed many mechanisms to defend against spoofing, with varying levels of success. With the defense mechanisms available today, where do we stand? How do the various defense mechanisms compare? This article first looks into the current state of IP spoofing, then thoroughly surveys the current state of IP spoofing defense. It evaluates data from the Spoofer Project, and describes and analyzes host-based defense methods, router-based defense methods, and their combinations. It further analyzes what obstacles stand in the way of deploying those modern solutions and what areas require further research. Categories and Subject Descriptors: C.2.0 [Computer-Communication Networks]: General— Security and protection General Terms: Performance, Security Additional Key Words and Phrases: IP spoofing, spoofing defense, spoofing packet, packet filtering ACM Reference Format: Ehrenkranz, T. and Li, J. 2009. On the state of IP spoofing defense. ACM Trans. Internet Technol. 9, 2, Article 6 (May 2009), 29 pages. DOI = 10.1145/1516539.1516541 http://doi.acm.org/10.1145/1516539.1516541 1. INTRODUCTION In today’s Internet, attackers can forge the source address of IP packets to both maintain their anonymity and redirect the blame for attacks. When attackers inject...
Words: 14721 - Pages: 59
...IP Spoofing by Farha Ali, Lander University The Internet Protocol, or IP, is the main protocol used to route information across the Internet. The role of IP is to provide best-effort services for the delivery of information to its destination. IP depends on upper-level TCP/IP suite layers to provide accountability and reliability. The heart of IP is the IP datagram, a packet sent over the Internet in a connectionless manner. An IP datagram carries enough information about the network to get forwarded to its destination; it consists of a header followed by bytes of data . The header contains information about the type of IP datagram, how long the datagram should stay on the network (or how many hops it should be forwarded to), special flags indicating any special purpose the datagram is supposed to serve, the destination and source addresses, and several other fields, as shown in Figure 1. Figure 1: The IP Header Layers above IP use the source address in an incoming packet to identify the sender. To communicate with the sender, the receiving station sends a reply by using the source address in the datagram. Because IP makes no effort to validate whether the source address in the packet generated by a node is actually the source address of the node, you can spoof the source address and the receiver will think the packet is coming from that spoofed address. Many programs for preparing spoofed IP datagrams are available for free on the Internet; for example, hping lets...
Words: 3368 - Pages: 14
...Group Utilized Access To the Internet via a Digital Subscriber Line (DSL) 2. Myrtle & Associates & Bellview Law Group are separated by a considerable geographical distance. 3. Current Novell Servers Used by Bellview Law Group are Old. 4. All internal hard cabling runs will be wired with CAT 5e. Current Network Diagram Please See Exhibit (A-1 & A-2) Diagram of Proposed Network Integration Please See Exhibit (B) Challenges to Integrating the Current LANs Challenges integrating the Myrtle & Associates and Bellview Law Group networks will be presented by the following: * The geographical distance between the two offices (L2TP/IPsec) * Bellview Law Group's use of Novell and IPX/SPX instead of TCP/IP Integrating these two networks will be faced with the geographical distance between the two offices where the law firms reside. One solution would be to lease a dedicated line; however, this option would be a very expensive one and is unnecessary due to new Virtual Private Network (VPN) technologies such as Layer 2 Tunneling Protocol (L2TP). Layer 2 Tunneling Protocol (L2TP) is a VPN technology that allows for communication between two LAN segments separated by geographic distance by means of Point to Point Protocol (PPP) & encryption. Encryption is the process of converting the sender's “plaintext” to an unreadable altered version of that plaintext called “ciphertext.” This feat is accomplished by using an algorithm, also called a...
Words: 2057 - Pages: 9
...03/30/2014 IS3220 Unit 2 Assignment 1 Selecting Security Countermeasures The primary components that make up a network infrastructure are routers, firewalls, and switches. An attacker may exploit poorly configured network devices. Common vulnerabilities include weak default installation settings, wide open access controls, and devices lacking the latest security patches. Top network level threats include: • Information gathering • Sniffing • Spoofing • Session hijacking • Denial of service Information Gathering Network devices can be discovered and profiled in much the same way as other types of systems. Attackers usually start with port scanning. After they identify open ports, they use banner grabbing and enumeration to detect device types and to determine operating system and application versions. Armed with this information, an attacker can attack known vulnerabilities that may not be updated with security patches. Countermeasures to prevent information gathering include: • Configure routers to restrict their responses to footprinting requests. • Configure operating systems that host network software (for example, software firewalls) to prevent footprinting by disabling unused protocols and unnecessary ports. Sniffing or eavesdropping is the act of monitoring traffic on the network for data such as plaintext passwords or configuration information. With a simple packet sniffer, an attacker can easily read all plaintext traffic. Also, attackers can crack packets...
Words: 650 - Pages: 3
...of unrecoverable revenue associated with site downtime and possible compromise of sensitive confidential data. It is imperative that today’s corporate network is configured and prepared to protect itself from external cyber-attacks. Since there is no 100% method to stop external cyber-attacks, attention to detail must be paid in regards to proper configuration of the network, to include state of the art hardware and software and current security patches for both software and hardware respectively. Additionally, hardware and software measures will be limited in their effectiveness without network policies and techniques to protect against external cyber-attacks such as Denial of Service, Distributed Denial of Service, Masquerading and IP Spoofing, Smurf Attacks, Land c Attacks, and Man-in-the-Middle attacks. In close coordination with our IS team engineers and IT network director, an approved plan has been incorporated to minimize the risk of an effective cyber-attack on our network. Specifically, this plan covers a comprehensive review of current network design and interdependencies, Standard Operating Procedures, Emergency Operating Procedures, and a detailed analysis of every program, service, host, router, and switch, to include interaction between these services and resources. Testing current systems and policies by a certified third...
Words: 735 - Pages: 3