Chap11 Spoofing Attack
Download
Report
Transcript Chap11 Spoofing Attack
CHAPTER 11
Spoofing Attack
INTRODUCTION
Definition
Spoofing is the act of using one machine in
the network communication to impersonate
another.
The objective is providing false information
about principal’s identity to obtain unauthorized
access to systems and their services
Spoofing Is Tampering Activity
Spoofing is a tampering activity because the
hacker convinces a host computer that the
hacker is another, trusted host computer, and
therefore should receive information.
INTRODUCTION
Spoofing Is Identity Forgery
The concept of assuming the identity of
another is central to the nature of the spoof
Example: IP spoofing attack
Spoofing Is an Active Attack Against
Identity Checking Procedures
Spoofing at its core involves sending message
that is not what is claims to be
Message that been sent belong to different
people more trusted than the actual
Identity of the sender was left recorded in
error
INTRODUCTION
Spoofing Is Possible at All Layers of
Communication
Spoofing can operate at all layers in between
the client and server
For example: the simplest level of spoof
involves physically overpowering or incepting
trusted communication
Splicing into a trusted fiber optic link and
inserting malicious streams of data is a
definite spoof
INTRODUCTION
Spoofing Is Always Intentional
Somebody plan to do it either directly or
indirectly
Such as malfunction or misconfiguration that
cause the network down is treat as spoofing
attack
Spoofing May Be Blind or Informed
Blind spoofing involves submitting identifying
information without the full breadth of
knowledge that the legitimate user has access
to
INTRODUCTION
Attacker can only send and has to make
assumptions or guess about reply
Informed attacks in which the attacker can
monitor
Participate in bidirectional communications
Spoofing does not involve supplying the exact
credentials of the legitimate identity
INTRODUCTION
Spoofing Is Not the Same Thing as
Betrayal
Users abuse their powers and cause a security
breach, they’ve not spoofed anything
They were granted the power and the
freedom to use them
Spoofing Is Nothing New
Attack against identity are nothing new in
human existence
INTRODUCTION
Spoofing Is Not Always Malicious
Spoofing is not always attack
Some network redundancy schemes rely on
automated spoofing in order to take over the
identity of a downed server
TYPES OF SPOOFING
TCP/IP Spoofing
A hacker can use IP source routing to specify a
direct route to a destination and a return path
back to the origination.
The hacker is able to intercept or modify
transmissions without encountering packets
destined for the true host by using routers.
Thus, the IP spoofing attack is an extraordinary
method of gaining access because in it, the
cracker never uses a username or password.
IP spoofing is quite complex and very easily
prevented.
TYPES OF SPOOFING
Hyperlink Spoofing
Hyperlink spoofing is one common attack
hackers can use against computer
communications using the hypertext transport
protocol (HTTP).
Hackers can perform attacks on the Secure
Socket Layers (SSL) server authentication
protocol used in creating secure Web browsers
and servers.
A “man-in-the-middle” hacker can persuade the
browser to connect to a fake server while the
browser presents the usual appearances of a
secure session.
TYPES OF SPOOFING
Web Spoofing
Web spoofing allows the hacker to observe or
modify any data going from the victim to Web
servers.
The hacker can control all return traffic from
Web servers to the victim.
The false Web looks like the real one, including
all the same pages and links as the real Web.
However, the hacker completely controls the
false Web so that all network traffic between the
victim’s browser and the Web goes through the
hacker.
IMPACTS OF SPOOFING
Subtle Spoofs And Economic Sabotage
Subtlety Will Get You Everywhere
Selective Failure for Selecting Recovery
Attacking SSL through Intermittent
Failures
WHAT TO SPOOF?
For the moment the list of vulnerable services is
short indeed:
Configuration using Sun RPC calls
Sun RPC refers to Sun Microsystems' standard of
Remote Procedure Calls, which are methods of
issuing system calls that work transparently over
networks.
Network service that
address authentication
utilizes
IP
IP address authentication uses the IP address as
an index.
WHAT TO SPOOF?
The target machine authenticates a session
between itself and other machines by examining
the IP address of the requesting machine.
The R services
In the UNIX environment, the R services are
rlogin and rsh. The r represents the word
remote. These two programs are designed to
provide users with remote access to other
machines on the Internet.
The R services are vulnerable to IP spoofing
attacks.
SPOOFING PROTECTION
TCP/IP Spoofing
The best defense against IP spoofing attacks is
to filter packets as the packets enter your router
from the Internet, thereby blocking any packet
that claims to have originated inside your local
domain.
This is most commonly done with a router.
Some of the router brands that support packetfiltering include:
1. Bay Networks/Wellfleet, version 5 and later
2. Cabletron with LAN secure
3. Cisco, RIS software version 9.21 and later
SPOOFING PROTECTION
Hyperlink Spoofing
One possible solution to prevent hyperlink
spoofing is to make the users’ browsers start up
on a secure page, so that users can trust their
initial links and a hacker can never send them
anywhere suspicious.
trustworthy sites can be determined based on
the following two criteria:
1. The site is securely-run.
2.
The site only serves pages with hyperlinks
to sites that are run securely.
SPOOFING PROTECTION
Web Spoofing
Although Web spoofing is nearly an undetectable
security attack, the best defense is:
1. Disable JavaScript, Java, and VBScript in your
browser so the hacker cannot hide the evidence
of the attack.
2. Make sure your browser’s location line is
always visible.
3. Pay attention to the URLs your browser’s
location line displays, making sure the URLs
always point to the server to which you think
you are connected.