debarghya-kundu
8/2/2019 Spoofing 1
WHAT YOU SEE
IS NOT
KALLOL CHAKMA
MCE-04505189
DEBARGHYA KUNDU SETU
MCE-04505187
MD. HEDAYET HOSSAIN
MCE-04505191
Spoofing is the action of making something look like something that it is not in order to gain unauthorized access to a user's private information.
The term spoofing is also sometimes used to refer to header forgery.
In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.
IP address spoofing
Email spoofing
Caller ID spoofing
Website spoofing
MAC spoofing
ARP spoofing
DNS spoofing
Protocol spoofing
SMS spoofing
Login spoofing
IP address spoofing, or IP spoofing, refers to the creation of Internet Protocol packets with a forged source IP address, with the purpose of concealing the identity of the sender or impersonating another computing system.
Email spoofing may occur in different forms, but all have a similar result: a user receives email that appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information.
Caller ID spoofing is the practice of causing the telephone network to display a number on the recipient's Caller ID display that is not that of the actual originating station.
Web spoofing is a kind of electronic con game in which the attacker creates a convincing but false copy of the entire World Wide Web. The false Web looks just like the real one: it has all the same pages and links. However, the attacker controls the false Web, so that all network traffic between the victim's browser and the Web goes through the attacker.
The MAC address of the network card is a
unique identifier assigned to each Ethernet
card. Network administrators can locally
find the MAC address of a machine by either
sniffing traffic from the wire or by downloading ARP tables from routers.
Therefore, hackers on internal networks
(such as corporations or universities) will
often try to hide their MAC address.
ARP spoofing is a computer hacking technique whereby an attacker sends fake or spoofed Address Resolution Protocol messages onto a Local Area Network. Generally, the aim is to associate the attacker's MAC address with the IP address of another host (such as the default gateway), causing any traffic meant for that IP address to be sent to the attacker instead.
DNS spoofing (or DNS cache poisoning) is a computer hacking attack whereby data is introduced into a Domain Name System (DNS) name server's cache database, causing the name server to return an incorrect IP address, diverting traffic to another computer (often the attacker's).
Protocol spoofing is used in data communications to improve performance in situations where an existing protocol is inadequate, for example due to long delays or high error rates.
SMS spoofing is a relatively new technology which uses the short message service (SMS), available on most mobile phones and personal digital assistants, to set who the message appears to come from by replacing the originating mobile number (Sender ID) with alphanumeric text.
Login spoofing refers to techniques used to steal a user's password. The user is presented with an ordinary-looking login prompt for username and password, which is actually a malicious program, usually called a Trojan horse, under the control of the attacker. When the username and password are entered, this information is logged or in some way passed along to the attacker, breaching security.
IP spoofing is a technique used to gain unauthorized access to computers, whereby the attacker sends messages to a computer with a forged IP address indicating that the message is coming from a trusted host.
The attacker puts an internal, or trusted, IP address as its source. The access control device sees the IP address as trusted and lets it through.
Uses for IP spoofing include the following:
IP spoofing is usually limited to the injection of malicious data or commands into an existing stream of data.
A hacker changes the routing tables to point to the spoofed IP address, then the hacker can receive all the network packets that are addressed to the spoofed address and reply just as any trusted user can.
Basic Concept of IP Spoofing
[Figure: host A (10.10.10.1) sends a request to www.carleton.ca (134.117.1.60), http://www.carleton.ca]
Normal packet: Src_IP 10.10.10.1, dst_IP 134.117.1.60, Src_port Any (>1024), dst_port 80
Spoofed packet: Src_IP 11.11.11.1 (spoofed), dst_IP 134.117.1.60, Src_port Any (>1024), dst_port 80
[Figure: sender, victim, partner. Caption: "Oh, my partner sent me a packet. I'll process this."]
Man-in-the-Middle attack
In a Man-in-the-Middle attack, the message sent to a recipient is intercepted by a third party, which manipulates the packets and resends its own message.
Denial of Service (DoS) Attack
A DoS attack is when an attacker floods a system with more packets than its resources can handle.
If you monitor packets using network-monitoring software such as netlog, look for a packet on your external interface that has both its source and destination IP addresses in your local domain. If you find one, you are currently under attack.
Monitoring packets using network monitoring software.
Installing a filtering router, because packet filtering is one defense against IP spoofing attacks.
It is also recommended to design network protocols and services so that they do not rely on the IP source address for authentication.
To prevent IP spoofing from happening in your network, the following are some common practices:
1- Avoid using source address authentication. Implement cryptographic authentication system-wide.
2- Configure your network to reject packets from the Net that claim to originate from a local address.
If you allow outside connections from trusted hosts, enable encryption sessions at the router.
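The monitoring rule (external packet with both source and destination in the local domain) and the filtering rule (reject outside packets claiming a local source) can be expressed as one small check. This is an added example, not part of the original slides; the 10.10.10.0/24 prefix, the interface labels and the packet records are constructed assumptions.

```python
import ipaddress

# Assumption: the site's internal prefix (based on the 10.10.10.1 host in the slides).
LOCAL_NETS = [ipaddress.ip_network("10.10.10.0/24")]

# Constructed sample records: (interface, source IP, destination IP).
SAMPLE_PACKETS = [
    ("external", "198.51.100.7", "10.10.10.5"),  # ordinary inbound traffic
    ("external", "10.10.10.1", "10.10.10.5"),    # local source seen on the outside interface
    ("external", "10.10.10.9", "203.0.113.4"),   # local source, outside destination
    ("internal", "10.10.10.1", "10.10.10.5"),    # ordinary LAN traffic
    ("external", "not-an-ip", "10.10.10.5"),     # malformed record
]

def is_local(addr):
    """True if addr parses and falls inside one of LOCAL_NETS."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on bad input
    return any(ip in net for net in LOCAL_NETS)

def monitor_alert(interface, src, dst):
    """Monitoring rule: external packet whose source AND destination are local."""
    try:
        return interface == "external" and is_local(src) and is_local(dst)
    except ValueError:
        return False

def router_rejects(interface, src):
    """Filtering rule: drop anything from outside claiming a local source.
    Unparsable sources are dropped too (fail closed)."""
    if interface != "external":
        return False
    try:
        return is_local(src)
    except ValueError:
        return True

def summarize(packets):
    """Return (alerts, rejected) lists for a batch of records."""
    alerts = [p for p in packets if monitor_alert(*p)]
    rejected = [p for p in packets if router_rejects(p[0], p[1])]
    return alerts, rejected

if __name__ == "__main__":
    alerts, rejected = summarize(SAMPLE_PACKETS)
    print("alerts:", alerts)
    print("rejected:", rejected)
```

The filtering rule is deliberately broader than the monitoring rule: it drops every outside packet with a local source, whatever its destination.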
Email spoofing is email activity in which the sender address and other parts of the email header are altered to appear as though the email originated from a different source. Because core SMTP doesn't provide any authentication, it is easy to impersonate and forge emails.
Altering the header of an email so that the email appears to be sent from someone else.
Although there are legitimate uses, these techniques are also commonly used in spam and phishing emails to hide the origin of the email message.
Really?
Check the content of the email:
Is the content weird in some way, or really unexpected from the sender?
Does it contain a form?
Does it request to either confirm or update login or any kind of information?
Check the header of the email
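One way to carry out the header check, as an added example that is not part of the original slides: it compares the visible From domain with Return-Path and Reply-To, and reads the Authentication-Results header that a receiving mail server may add. The sample message, its domains and the choice of these particular headers are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; all names and domains are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "Example Bank" <support@bank.example.com>
Reply-To: <collect@mailer.example.net>
To: <user@example.org>
Subject: Please confirm your login

Please update your password using the form below.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def header_findings(raw):
    """Return a list of human-readable mismatches found in the headers."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    if not from_dom:
        findings.append("From header missing or unparsable")
    # The displayed sender should agree with the bounce and reply addresses.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and from_dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Authentication-Results: "<server>; method=result ...; method=result ..."
    # Anything other than "pass" is reported.
    for value in msg.get_all("Authentication-Results", []):
        for part in value.split(";")[1:]:
            tokens = part.split()
            if tokens and "=" in tokens[0]:
                method, _, result = tokens[0].partition("=")
                if result.lower() != "pass":
                    findings.append(f"{method} result is {result}")
    return findings

if __name__ == "__main__":
    for finding in header_findings(SAMPLE):
        print(finding)
```

Only an Authentication-Results header written by your own receiving server should be trusted, since a sender can insert a forged one like any other header.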
Mail Server Authentication
Digitally Signed Email with Desktop Verification
Digitally Signed Email with Gateway Verification
Mail Server IP Verification