The IP Spoofing - Essay Example

Summary
This essay "The IP Spoofing" discusses IP spoofing, a topic briefly discussed by Carley, Chen and Longstaff as a hurdle in solving distributed denial-of-service (DDOS) attacks because it hides the source of the attacks. …
The Internet is a crucial part of everyday life because it interconnects people across the globe, but it also poses considerable danger to its users. Indispensable as it is, it suffers from problems that can degrade or compromise its performance. In this paper, we discuss IP spoofing, a topic briefly discussed by Carley, Chen, and Longstaff as a hurdle in solving distributed denial-of-service (DDOS) attacks because it hides the source of the attacks (108). DDOS and all other Internet-based attacks are of primary concern, especially to governments and businesses that use the Internet in their services. Online banking, marketing, retailing, registration, voting, conferencing, and all other Internet-based transactions will be greatly affected if these attacks are not solved or prevented. Businesses would suffer financial losses, and governments would face even more criticism of their integrity. A secure connection is therefore highly desirable by all means possible. One way of achieving this is to limit spoofing risks on our networks.
We must first understand what spoofing is and how it is achieved before we can discuss its prevention. A spoof, as we know it, is a parody. We see many movies that spoof other movies: they act like or copy the real thing, but with twists. In the same vein, spoofing on the Web attempts to gain access to a system by posing as a legitimate user. The only difference is that the results of spoofing on the Web are far from funny; they are dangerous. Web spoofing has been likened to a con game in which “the attacker sets up a false but convincing world around the victim… that could endanger the privacy of World Wide Web users and the integrity of their data” (Felten et al.).
There are several classes of spoofing, such as TCP spoofing, where “packets are sent with forged return addresses” (Felten et al.); DNS spoofing, where “the attacker forges information about which machine names correspond to which network addresses” (Felten et al.); and IP spoofing, where the attacker changes the source address in the IP datagram header for “some kind of malicious intention and [anonymity]” (Ali). Carley, Chen, and Longstaff mentioned only this last class of spoofing, and for good reason, since it is considered “one of the most common forms of online camouflage” (Tanase).
IP spoofing is spoofing done at the IP layer of the TCP/IP suite. This layer “provides connectionless service for end systems to communicate across one or more networks” (Stallings 456). In the IP layer, a header of control information is added to the TCP segment (the original message with the TCP header added) to form the IP datagram. This IP header includes 32-bit source and destination addresses and the checksum, Protocol, ID, Flags, and Fragment Offset fields. Despite the presence of the checksum field, which detects errors to avoid wrong delivery, “IP makes no effort to validate whether the source address in the packet generated by a node is actually the source address of the node… [Attackers can therefore] spoof the source address and the receiver will think the packet is coming from that spoofed address” (Ali).
As already mentioned, IP spoofing is used in one of the most difficult attacks to combat: DDOS. Attackers are concerned with making available online resources scarce, so they do not worry about completing handshakes and connection setup but rather “wish to flood the victim with as many packets as possible in a short amount of time” (Tanase). Where does IP spoofing come in, in making DDOS difficult to prevent?
To prolong the effectiveness of the attack, attackers spoof source IP addresses, thereby making the tracing and stopping of the DDOS as difficult and slow as possible. What do these attackers gain from spoofing that they need to stall for as long as they can? During whatever time the attack remains unknown, and while it is being traced, considerable damage can be caused. During this time, all data is being exchanged through an insecure connection, so the attackers could naturally have performed surveillance and data tampering. While the victim is unaware, “the attacker can passively watch the traffic, recording which pages the victim visits and the contents of those pages. When the victim fills out a form, the entered data is transmitted to a Web server, so the attacker can record that too, along with the response sent back by the server” (Felten et al.). This poses a very big threat to businesses employing e-commerce, such as eBay and PayPal, as transactions are performed by filling out forms online. While the attacker watches, he can capture the important account details an unknowing victim enters. Hence the numerous incidents of online theft, which can even include identity theft.
As if surveillance were not creepy enough, attackers are also free to alter any of the data exchanged between users of the Web and the Web. Felten et al. cite these examples:
… If the victim is ordering a product on-line, the attacker can change the product number, the quantity, or the ship-to address. The attacker can also modify the data returned by a Web server, for example by inserting misleading or offensive material in order to trick the victim or to cause antagonism between the victim and the server. (Felten et al.)
Hence the cases of extra or lost purchases, both of which translate to money loss: one an unplanned expenditure, the other simply lost without compensation. Exactly how does this changing of the IP source address work?
One trick, for these attackers really have a lot of tricks up their sleeves, is URL rewriting. As the term suggests, the real URL of a website is rewritten so that, instead of being directed to the real server, the victim is directed to the attacker’s server. This can go unnoticed by the victim because everything on the false website is the same as on the real one. To borrow Felten et al.’s example, take the attacker’s server to be on the machine www.attacker.org. To rewrite a website’s URL, the attacker adds http://www.attacker.org at the beginning of the real URL. When visiting eBay, for example, http://www.ebay.com becomes http://www.attacker.org/http://www.ebay.com. Felten et al. explain what happens during a Web spoofing attack that uses URL rewriting after the victim enters the desired website in the browser’s address bar:
(1) The victim’s browser requests the page from the attacker’s server; (2) the attacker’s server requests the page from the real server; (3) the real server provides the page to the attacker’s server; (4) the attacker’s server rewrites the page; (5) the attacker’s server provides the rewritten version to the victim. Once the attacker’s server has fetched the real document needed to satisfy the request, the attacker rewrites all of the URLs in the document into the same special form by splicing http://www.attacker.org/ onto the front. Then the attacker’s server provides the rewritten page to the victim’s browser. Since all of the URLs in the rewritten page now point to www.attacker.org, if the victim follows a link on the new page, the page will again be fetched through the attacker’s server. The victim remains trapped in the attacker’s false Web, and can follow links forever without leaving it. (Felten et al.)
Now that we have established how dangerous spoofing is, we turn our attention to how to prevent it. Some short-term measures should be taken:
1. Disable JavaScript in your browser so the attacker will be unable to hide the evidence of the attack;
2. make sure your browser’s location line is always visible; [and]
3. pay attention to the URLs displayed on your browser’s location line, making sure they always point to the server you think you’re connected to. (Felten et al.)
All of these solutions basically require users to be vigilant when conducting transactions over the Internet, which is just about right. However, long-term solutions must also be considered, such as router filtering and encryption and authentication:
… ingress and egress filtering on border routers is a great place to start spoofing defense… implement an ACL (access control list) that blocks private IP addresses on downstream interface [which] should not accept addresses with your internal range as the source, as this is a common spoofing technique used to circumvent firewalls. On the upstream interface, restrict source addresses outside of your valid range, which will prevent someone on your network from sending spoofed traffic to the Internet. [Encryption and authentication] will eliminate current spoofing threats. Additionally, eliminate all host-based authentication measures, which are sometimes common for machines on the same subnet. Ensure that the proper authentication measures are in place and carried out over a secure (encrypted) channel. (Tanase)
More than prevention, we also want to actually trace the origin of the spoofed packets. “Hop-by-hop traceback and logging of suspicious packets in routers are the two main methods for tracing the spoofed IP packets back to their source” (Ali). Once a flood attack is detected at a node, the node can inform the Internet Service Provider (ISP) so that the ISP can determine the source of the flood attacks by examining router after router until it reaches the actual source or “the end of its administrative domain; for this case it can ask the ISP for the next domain to do the same thing” (Ali).
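The border-router filtering quoted from Tanase, combined with Ali's point that the IP checksum does not validate the source address, as an added example (not part of the essay or its sources). The address ranges, the `inbound`/`outbound` labels and the sample headers are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumed for illustration: the site's valid public range (documentation prefix).
INTERNAL = ipaddress.ip_network("203.0.113.0/24")
# RFC 1918 private ranges, which should never arrive from the Internet.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def checksum(header: bytes) -> int:
    """IPv4 header checksum: one's-complement sum of the 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: str, dst: str) -> bytes:
    """Constructed 20-byte IPv4 header (protocol TCP, TTL 64) used as sample data."""
    raw = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, 64, 6, 0,
                      ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return raw[:10] + struct.pack("!H", checksum(raw)) + raw[12:]

def border_filter(header: bytes, direction: str) -> str:
    """Verdict for a packet seen "inbound" (from the Internet) or "outbound"."""
    ihl = (header[0] & 0x0F) * 4 if header else 0
    if ihl < 20 or len(header) < ihl or header[0] >> 4 != 4:
        return "drop-malformed"
    if checksum(header[:ihl]) != 0:     # an intact header sums to zero
        return "drop-bad-checksum"
    src = ipaddress.ip_address(header[12:16])
    if direction == "inbound" and (src in INTERNAL or any(src in n for n in PRIVATE)):
        return "drop-spoofed-ingress"   # our own or a private source, seen from outside
    if direction == "outbound" and src not in INTERNAL:
        return "drop-spoofed-egress"    # a host here is using a foreign source address
    return "pass"

def demo() -> list:
    """Run the filter over constructed headers; returns (src, direction, verdict)."""
    cases = [("203.0.113.7", "inbound"), ("10.1.2.3", "inbound"),
             ("198.51.100.20", "inbound"), ("198.51.100.20", "outbound"),
             ("203.0.113.7", "outbound")]
    return [(s, d, border_filter(build_header(s, "203.0.113.10"), d))
            for s, d in cases]

if __name__ == "__main__":
    for row in demo():
        print(*row)
```

The first constructed header carries a correct checksum and is still rejected inbound, because only the interface it arrived on reveals that its source address cannot be genuine.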
Since routers can determine which IP addresses should pass through them, they can already identify suspicious packets at this level.
It is apparent that the perfect solution against IP spoofing is still in the works. We know, however, how dangerous it is and the damage it can do. This understanding, paired with some simple preventive measures and the use of routers to detect and trace spoofed packets, can protect networks against unauthorized access, not letting those attackers win the “con game”.
Works Cited
Ali, Farha. Cisco. Cisco Systems. Web. 15 November 2009.
Carley, Kathleen M., Li-Chiou Chen, and Thomas A. Longstaff. “The Provision of Defenses Against Internet-Based Attacks.” Class Reading.
Felten, Edward W., et al. “Web Spoofing: An Internet Con Game.” PDF file.
Stallings, William. Data and Computer Communications. New York: Macmillan Publishing Company, 1995. Print.
Tanase, Matthew. SecurityFocus. Web. 15 November 2009.