IP Spoofing

Criminals have long employed the tactic of masking their true identity, from disguises to aliases to caller-ID blocking. It should come as no surprise, then, that criminals who conduct their malicious activities on networks and computers employ such techniques too. IP spoofing is one of the most common forms of online camouflage. When using IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine, by "spoofing" the IP address of that machine. Here we will take a look at the concepts of IP spoofing: why it is possible, how it works, what it is used for and how to fight it.

When IP Spoofing Started

IP spoofing was initially discussed in academic circles in the 80's. While known about for some time, it was primarily theoretical until someone discovered a security weakness in the TCP protocol known as sequence prediction. The problem was then discussed in depth in 'Security Problems in the TCP/IP Protocol Suite'. Soon after, an infamous attack that employed both IP spoofing and TCP sequence prediction was carried out. While the popularity of such cracks has decreased due to the demise of the services they exploited, spoofing can still be used and needs to be addressed by all security administrators.

The structure of the TCP/IP Protocol Suite

Internet Protocol – IP

Internet Protocol (IP) is a network protocol operating at layer 3 (network) of the OSI model. It is a connectionless protocol used to route packets on a network, meaning that no information regarding transaction state is kept. Additionally, there is no method in place to ensure that a packet is properly delivered to the destination.

Examining the IP header, we should be able to see that the first 12 bytes (or the top 3 rows of the header) contain various information about the packet. The next 8 bytes (the next 2 rows), however, contain the source and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses – specifically the "source address" field. It's important to note that each datagram is sent independently of all others, due to the stateless nature of IP.

Transmission Control Protocol – TCP

IP is thought of as a routing wrapper for layer 4 (transport), which contains the Transmission Control Protocol (TCP). Unlike IP, TCP uses a connection-oriented design. This means that the participants in a TCP session must first build a connection - via the 3-way handshake (SYN, SYN/ACK, ACK) - and then update one another on progress - via sequence and acknowledgement numbers. This "conversation" ensures data reliability, since the sender receives an OK from the recipient after each packet exchange.

A TCP header is very different from an IP header

We should be concerned with the first 12 bytes of the TCP packet, which contain port and sequencing information. Much like an IP datagram, TCP packets can be manipulated using software. The source and destination ports normally depend on the network application in use (for example, HTTP via port 80). What's important for our understanding of spoofing are the sequence and acknowledgement numbers. The data contained in these fields ensures packet delivery by determining whether or not a packet needs to be re-sent. The sequence number identifies the first byte of data in the current packet, relative to the data stream. The acknowledgement number, in turn, contains the value of the next expected sequence number in the stream. This relationship confirms, on both ends, that the proper packets were received. This differs from IP, since the transaction is closely monitored.

Consequences of the TCP/IP Design

Now consider the consequences of the TCP/IP design. It's very easy to mask a source address by manipulating an IP header. This technique is used for obvious reasons and is employed in several types of security attacks.

Another consequence of TCP's design is sequence number prediction, which can lead to session hijacking or host impersonation. This method builds on IP spoofing, since a session, even a false one, is built. Consider the ramifications of this in the attacks mentioned in Part 2...

You will find much more on this topic at WorldsLargestNetwork.com
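As an added example (not code from the original article or from WorldsLargestNetwork.com), the following Python parses a constructed IPv4/TCP packet to show the fields discussed above: the 12 bytes of IPv4 bookkeeping followed by the 8 bytes holding the source and destination addresses, and the ports, sequence and acknowledgement numbers in the first 12 bytes of the TCP header. It also computes the next sequence number a peer should acknowledge for a segment, which is the sequence/acknowledgement relationship described in the TCP section, and it verifies the IPv4 header checksum to make a point the article implies but does not spell out: a datagram with a forged source address is still perfectly well-formed, because the sender simply recomputes the checksum. The final function is an ingress-filter check in the style of BCP 38, the standard defence against forged source addresses; it goes beyond what this page covers. The packet bytes, addresses and ports are constructed for the example, and the function names are my own.

```python
"""Added example: parse the IPv4 and TCP header fields the article discusses.

Not code from the original article. The packet bytes below are constructed
for this example (hosts 192.168.0.1 -> 192.168.0.2, an ACK segment with no
payload); nothing here is captured traffic.
"""
import ipaddress
import struct

# Constructed sample: 20-byte IPv4 header + 20-byte TCP header, no payload.
# The IPv4 header checksum (0x9d36) was computed for exactly these bytes.
SAMPLE_PACKET = bytes.fromhex(
    "45000028"  # version 4, IHL 5 (20 bytes), DSCP/ECN 0, total length 40
    "1c464000"  # identification 0x1c46, flags DF, fragment offset 0
    "40069d36"  # TTL 64, protocol 6 (TCP), header checksum
    "c0a80001"  # source address 192.168.0.1      (bytes 12-15)
    "c0a80002"  # destination address 192.168.0.2 (bytes 16-19)
    "0050d431"  # TCP source port 80, destination port 54321
    "000003e8"  # sequence number 1000
    "00000fa0"  # acknowledgement number 4000
    "5010ffff"  # data offset 5 (20 bytes), flags ACK, window 65535
    "00000000"  # TCP checksum (not verified here), urgent pointer
)


def ip_header_checksum(header: bytes) -> int:
    """RFC 791 ones-complement sum over the header with the checksum field
    taken as zero. Returns the value the checksum field should hold."""
    words = struct.unpack("!%dH" % (len(header) // 2), header)
    total = sum(words) - words[5]  # word 5 is the checksum field itself
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(packet: bytes) -> dict:
    """Return the IPv4 fields the article points at: the first 12 bytes of
    bookkeeping, then the 8 bytes holding source and destination addresses."""
    version_ihl, _tos, total_length, _ident, _flags_frag, ttl, proto, checksum = \
        struct.unpack("!BBHHHBBH", packet[:12])
    ihl = (version_ihl & 0x0F) * 4
    src, dst = packet[12:16], packet[16:20]
    return {
        "version": version_ihl >> 4,
        "header_length": ihl,
        "total_length": total_length,
        "ttl": ttl,
        "protocol": proto,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        # A forged source address does not break the checksum: the sender just
        # recomputes it, so a spoofed datagram looks entirely well-formed.
        "checksum_ok": ip_header_checksum(packet[:ihl]) == checksum,
        "payload": packet[ihl:total_length],
    }


def parse_tcp(segment: bytes) -> dict:
    """First 12 bytes of the TCP header: ports, sequence and acknowledgement
    numbers. The data offset and flags follow in the next two bytes."""
    src_port, dst_port, seq, ack, offset_flags, window = \
        struct.unpack("!HHIIHH", segment[:16])
    data_offset = (offset_flags >> 12) * 4
    flags = offset_flags & 0x01FF
    return {
        "src_port": src_port,
        "dst_port": dst_port,
        "seq": seq,
        "ack": ack,
        "window": window,
        "syn": bool(flags & 0x02),
        "ack_flag": bool(flags & 0x10),
        "fin": bool(flags & 0x01),
        "payload_len": len(segment) - data_offset,
    }


def next_expected_seq(seq: int, payload_len: int, syn: bool, fin: bool) -> int:
    """The acknowledgement number a peer should send back for this segment:
    the first byte of the segment plus the bytes it carried (SYN and FIN each
    consume one sequence number). Reduced modulo 2**32 because the space wraps."""
    return (seq + payload_len + int(syn) + int(fin)) % (1 << 32)


def ingress_filter_ok(src: str, expected_networks) -> bool:
    """BCP 38 style check (hypothetical helper): a packet arriving on an
    interface should carry a source address from a prefix that really sits
    behind that interface; anything else is a candidate spoofed datagram."""
    addr = ipaddress.IPv4Address(src)
    return any(addr in ipaddress.IPv4Network(n) for n in expected_networks)


if __name__ == "__main__":
    ip = parse_ipv4(SAMPLE_PACKET)
    tcp = parse_tcp(ip["payload"])
    print("IPv4:", ip["src"], "->", ip["dst"], "checksum ok:", ip["checksum_ok"])
    print("TCP :", tcp["src_port"], "->", tcp["dst_port"],
          "seq", tcp["seq"], "ack", tcp["ack"])
    print("peer should ack", next_expected_seq(tcp["seq"], tcp["payload_len"],
                                               tcp["syn"], tcp["fin"]))
    print("source plausible on 192.168.0.0/24:",
          ingress_filter_ok(ip["src"], ["192.168.0.0/24"]))
```

Running the script prints the parsed addresses and ports, confirms the checksum on the constructed packet, and shows that for a segment carrying no data the peer simply acknowledges the same sequence number. The ingress check is deliberately per-prefix rather than per-host: a router cannot know which host sent a datagram, but it can know which prefixes legitimately live behind each interface.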
© WorldsLargestNetwork.com; All Rights Reserved