Save time and money, increase overall network security and ensure regulatory compliance.
Get the fully-functional trial version today

eBusiness Help
FREE White Paper: Stop Random Acts of CRM
Learn more about delivering a seamless customer experience.
Searching for targeted web traffic?
Pay Only For the Traffic You Actually Receive.
Microsoft Webcast
Learn how your small business can capitalize on global trends.

Free Software Archive:
Enterprise and Home Networking Downloads

WebProWorld Networking Forum

Browser bar will not access Paypal URL ?
We have a Sony laptop..vaio PCG F807K ...this worked ok till we managed to pick up a virus...the machine was taken away and all the old memory was wiped and the recovery program re installed...all works ok now but one problem we cannot find a answer too.

Linux, Sun Cobalt [ FTP stop working]
Would any one know what I could do to this Linux OS to get my FTP to work? I can FTP from the Machine to its self and it authenticates, but it is blocking all out side access or its not working I don't know what to do, need Help

SmarterMail Whitelisting
I've got a client who is using SmarterMail Professional Edition v.2.6.1921.27523 I've got domain admin access to the mail server, so I can control the spam filtering and content filtering for all emails within the domain.



Recent Articles

Cisco Walks the FineGround
Cisco Systems announced that it will be taking over data center networking systems maker FineGround Networks, a privately-held company based in Campbell, California.

Rosetta Wireless; Moving Well Past the Stone Age
Rosetta Wireless, based in Oakbrook Terrace IL., gives a great new offering to businesses for through their wireless services that could present safe and secure access to key information in a company's mainframe or network.

VoIP Gets A Big Business Nudge
Revenues for Voice over Internet Protocol (VoIP) services topped $1.3 billion USD last year.

Reuters Thailand Rides the Cisco Express
Cisco announced the today the worldwide news agency called Reuters deployed Thailand's Internet Protocol (IP) telephony site in Thailand with 700 Cisco IP Phone 7960Gs, Cisco IP Phone 7940Gs and Cisco Wireless IP Phone 7920s.

Securing wVoIP
Wireless security software developer Columbitech recently announced wireless VPN support for securing wireless voice applications (wVoIP).

Cisco Certification: The OSI Model Isn't Just For Exams Anymore!
There's nothing I enjoy more than teaching Cisco technologies, especially CCNA candidates. Whether it's in-person or online, everyone's excited to be there.

Cisco Routes New Routers to ISPs
Cisco Systems announced major advancements in their Internet Protocol Next Generation Networks yesterday in the form of router enhancements and new products that will allow ISPs to go the next level of service for their customers.

06.07.05

Introduction: IP Spoofing

By Suhas A Desai

An article on "Security Problems in the TCP/IP Protocol Suite" by S.M.Bellovin in 1989 initially explored IP Spoofing attacks . He described how Robert Morris, creator of the now infamous Internet Worm, figured out how TCP created sequence numbers and forged a TCP packet sequence.

This TCP packet included the destination address of his victim and using as IP spoofing attack Morris was able to obtain root access to his targeted system without a User ID or password.

Introduction:

IP spoofing is a technique used to gain unauthorized access to computers, whereby the attacker sends messages to a computer with a forging IP address indicating that the message is coming from a trusted host. There are a few variations on the types of attacks that using IP spoofing.

Spoofing Attacks:

1.non-blind spoofing


This attack takes place when the attacker is on the same subnet as the target that could see sequence and acknowledgement of packets. The threat of this type of spoofing is session hijacking and an attacker could bypass any authentication measures taken place to build the connection. This is accomplished by corrupting the DataStream of an established connection, then re-establishing it based on correct sequence and acknowledgement numbers with the attack machine.

Save time and money, increase overall network security and ensure regulatory compliance.
Get the fully-functional trial version today

2.Blind spoofing

This attack may take place from outside where sequence and acknowledgement numbers are unreachable. Attackers usually send several packets to the target machine in order to sample sequence numbers, which is doable in older days. Today, most OSs implement random sequence number generation, making it difficult to predict them accurately. If, however, the sequence number was compromised, data could be sent to the target.

3.Man in the Middle Attack

This is also called connection hijacking. In this attacks, a malicious party intercepts a legitimate communication between two hosts to controls the flow of communication and to eliminate or alter the information sent by one of the original participants without their knowledge. In this way, an attacker can fool a target into disclosing confidential information by spoofing the identity of the original sender or receiver. Connection hijacking exploits a "desynchronized state" in TCP communication. When the sequence number in a received packet is not the same as the expected sequence number, the connection is called "desynchronized." Depending on the actual value of the received sequence number, the TCP layer may either discard or buffer the packet. When two hosts are desynchronized enough, they will discard/ignore packets from each other. An attacker can then inject forged packets with the correct sequence numbers and potentially modify or add messages to the communication. This requires the attacker to be located on the communication path between the two hosts in order to replicate packets being sent. The key to this attack is creating the desynchronized state.


4.Denial of Service Attack

IP spoofing is almost always used in denial of service attacks (DoS), in which attackers are concerned with consuming bandwidth and resources by flooding the target with as many packets as possible in a short amount of time. To effectively conducting the attack, attackers spoof source IP addresses to make tracing and stopping the DoS as difficult as possible. When multiple compromised hosts are participating in the attack, all sending spoofed traffic, it is very challenging to quickly block the traffic.

Misconception of IP Spoofing:

A common misconception is that "IP Spoofing" can be used to hide your IP address while surfing the Internet, chatting on-line, sending e-mail, and so forth. This is generally not true. Forging the source IP address causes the responses to be misdirected, meaning you cannot create a normal network conncetion. However, IP spoofing is an integral part of many networks that do not need to see responses.

Detection of IP Spoofing:

We can monitor packets using network-monitoring software. A packet on an external interface that has both its source and destination IP addresses in the local domain is an indication of IP spoofing. Another way to detect IP spoofing is to compare the process accounting logs between systems on your internal network. If the IP spoofing attack has succeeded on one of your systems, you may get a log entry on the victim machine showing a remote access; on the apparent source machine, there will be no corresponding entry for initiating that remote access.

Read the Rest of the Article.


About the Author:
Suhas A Desai

*Undergraduate Computer Engineering Student,Walchand CE,Sangli,INDIA.

*Previous Publications in area "Linux Based Biometrics Security with Smart Card" are include:ISA EXPO 2004,InTech Journal,TX,USA,IEEE Real Time and Embedded System symposium 2005,CA,USA.,e-Smart 2005,France.

*Writes security newsletters and features for many security sites.

About NetworkNewz
NetworkNewz editors, writers and contributors focus on both the big picture and the details of networking. At NetworkNewz our goal is to deliver to you The Key To Network Management.

NetworkNewz is brought to you by:

SecurityConfig.comNetworkingFiles.com
ITmanagementNews.comWebProASP.com
DatabaseProNews.comSQLProNews.com
ITcertificationNews.comSysAdminNews.com
LinuxProNews.comWirelessProNews.com
CProgrammingTrends.comITmanagementNews.com


-- NetworkNewz is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
2005 iEntry, Inc.  All Rights Reserved  Privacy Policy  Legal

archives | advertising info | news headlines | free newsletters | comments/feedback | submit article

The Keys To Network Management Ask Questions in the Networking Forum NetworkNewz News Archives About Us Feedback NetworkNewz Home Page About Article Archive News Downloads WebProWorld Forums Jayde iEntry Advertise Contact