Gain a thorough understanding of spoofing attacks, including their definition, different types such as TCP/IP spoofing, hyperlink spoofing, and web spoofing, and their impacts on systems. Learn about spoofing protection measures.
CHAPTER 11 Spoofing Attack
INTRODUCTION
• Definition
  • Spoofing is the act of using one machine in a network communication to impersonate another.
  • The objective is to provide false information about a principal’s identity in order to obtain unauthorized access to systems and their services.
• Spoofing Is a Tampering Activity
  • Spoofing is a tampering activity because the hacker convinces a host computer that the hacker is another, trusted host computer, and therefore should receive information.
INTRODUCTION
• Spoofing Is Identity Forgery
  • The concept of assuming the identity of another is central to the nature of the spoof.
  • Example: IP spoofing attack
• Spoofing Is an Active Attack Against Identity Checking Procedures
  • Spoofing at its core involves sending a message that is not what it claims to be.
  • The message is presented as belonging to a different person, more trusted than the actual sender.
  • The identity of the sender is left recorded in error.
INTRODUCTION
• Spoofing Is Possible at All Layers of Communication
  • Spoofing can operate at all layers between the client and the server.
  • For example, the simplest level of spoof involves physically overpowering or intercepting trusted communication.
  • Splicing into a trusted fiber optic link and inserting malicious streams of data is a definite spoof.
INTRODUCTION
• Spoofing Is Always Intentional
  • Somebody plans to do it, either directly or indirectly.
  • A malfunction or misconfiguration that brings the network down, for example, is treated as a spoofing attack.
• Spoofing May Be Blind or Informed
  • Blind spoofing involves submitting identifying information without the full breadth of knowledge that the legitimate user has access to.
INTRODUCTION
• In a blind attack, the attacker can only send and has to make assumptions or guesses about the reply.
• In informed attacks, the attacker can monitor and participate in bidirectional communications.
• Spoofing does not involve supplying the exact credentials of the legitimate identity.
INTRODUCTION
• Spoofing Is Not the Same Thing as Betrayal
  • When users abuse their powers and cause a security breach, they have not spoofed anything.
  • They were granted the powers and the freedom to use them.
• Spoofing Is Nothing New
  • Attacks against identity are nothing new in human existence.
INTRODUCTION
• Spoofing Is Not Always Malicious
  • Spoofing is not always an attack.
  • Some network redundancy schemes rely on automated spoofing in order to take over the identity of a downed server.
TYPES OF SPOOFING
• TCP/IP Spoofing
  • A hacker can use IP source routing to specify a direct route to a destination and a return path back to the origination.
  • The hacker is able to intercept or modify transmissions without encountering packets destined for the true host by using routers.
  • Thus, the IP spoofing attack is an extraordinary method of gaining access because in it, the cracker never uses a username or password.
  • IP spoofing is quite complex and very easily prevented.
TYPES OF SPOOFING
• Hyperlink Spoofing
  • Hyperlink spoofing is one common attack hackers can use against computer communications using the Hypertext Transfer Protocol (HTTP).
  • Hackers can perform attacks on the Secure Sockets Layer (SSL) server authentication protocol used in creating secure Web browsers and servers.
  • A “man-in-the-middle” hacker can persuade the browser to connect to a fake server while the browser presents the usual appearances of a secure session.
TYPES OF SPOOFING
• Web Spoofing
  • Web spoofing allows the hacker to observe or modify any data going from the victim to Web servers.
  • The hacker can control all return traffic from Web servers to the victim.
  • The false Web looks like the real one, including all the same pages and links as the real Web.
  • However, the hacker completely controls the false Web so that all network traffic between the victim’s browser and the Web goes through the hacker.
IMPACTS OF SPOOFING
• Subtle Spoofs And Economic Sabotage
• Subtlety Will Get You Everywhere
• Selective Failure for Selecting Recovery
• Attacking SSL through Intermittent Failures
WHAT TO SPOOF?
• For the moment the list of vulnerable services is short indeed:
• Configurations using Sun RPC calls
  • Sun RPC refers to Sun Microsystems' standard of Remote Procedure Calls, which are methods of issuing system calls that work transparently over networks.
• Network services that utilize IP address authentication
  • IP address authentication uses the IP address as an index.
WHAT TO SPOOF?
• The target machine authenticates a session between itself and other machines by examining the IP address of the requesting machine.
• The R services
  • In the UNIX environment, the R services are rlogin and rsh. The r represents the word remote. These two programs are designed to provide users with remote access to other machines on the Internet.
  • The R services are vulnerable to IP spoofing attacks.
SPOOFING PROTECTION
• TCP/IP Spoofing
  • The best defense against IP spoofing attacks is to filter packets as the packets enter your router from the Internet, thereby blocking any packet that claims to have originated inside your local domain.
  • This is most commonly done with a router.
  • Some of the router brands that support packet-filtering include:
    1. Bay Networks/Wellfleet, version 5 and later
    2. Cabletron with LAN secure
    3. Cisco, RIS software version 9.21 and later
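The ingress rule described on this slide, written out as an added example that is not part of the original slides. The internal prefixes, the interface names and the sample packets are assumptions constructed for the illustration; the IPv4-mapped IPv6 case goes slightly beyond what the slide states.

```python
import ipaddress

# Assumed values for this example: the site's own prefixes and interface name.
INTERNAL_PREFIXES = [ipaddress.ip_network(p) for p in
                     ("192.0.2.0/24", "10.20.0.0/16", "2001:db8:1::/48")]
EXTERNAL_IFACE = "wan0"

def ingress_verdict(in_iface, src):
    """Return (action, reason) for a packet seen on in_iface with source src."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "malformed source address")
    # An IPv4-mapped IPv6 source is judged by the IPv4 address it carries.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if in_iface != EXTERNAL_IFACE:
        return ("accept", "did not arrive on the Internet-facing interface")
    for net in INTERNAL_PREFIXES:
        if addr.version == net.version and addr in net:
            return ("drop", f"outside packet claims inside source {net}")
    return ("accept", "source is outside the local domain")

# Constructed sample traffic: (arrival interface, claimed source address).
SAMPLE_PACKETS = [
    ("wan0", "198.51.100.7"),      # genuine outside host
    ("wan0", "10.20.3.4"),         # outside packet claiming an inside address
    ("lan0", "10.20.3.4"),         # the real inside host, seen on the inside
    ("wan0", "::ffff:10.20.3.4"),  # same claim wrapped as IPv4-mapped IPv6
    ("wan0", "2001:db8:1::5"),     # inside IPv6 prefix claimed from outside
    ("wan0", "not-an-ip"),         # unparseable source
]

def dropped(packets):
    """List the packets the ingress rule would block."""
    return [(i, s) for i, s in packets if ingress_verdict(i, s)[0] == "drop"]

if __name__ == "__main__":
    for iface, src in SAMPLE_PACKETS:
        print(iface, src, *ingress_verdict(iface, src))
```

The same address is accepted on the inside interface and dropped on the outside one, which is the whole point of the rule: the decision depends on where the packet arrived, not only on what it claims.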
SPOOFING PROTECTION
• Hyperlink Spoofing
  • One possible solution to prevent hyperlink spoofing is to make the users’ browsers start up on a secure page, so that users can trust their initial links and a hacker can never send them anywhere suspicious.
  • Trustworthy sites can be determined based on the following two criteria:
    1. The site is securely run.
    2. The site only serves pages with hyperlinks to sites that are run securely.
SPOOFING PROTECTION
• Web Spoofing
  • Although Web spoofing is a nearly undetectable security attack, the best defense is:
    1. Disable JavaScript, Java, and VBScript in your browser so the hacker cannot hide the evidence of the attack.
    2. Make sure your browser’s location line is always visible.
    3. Pay attention to the URLs your browser’s location line displays, making sure the URLs always point to the server to which you think you are connected.
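Step 3 above, automated as an added example that is not part of the original slides: it extracts the host a URL really points to and compares it with the server the user expects. The function name and every URL and host name below are constructed for the illustration.

```python
from urllib.parse import urlsplit

def check_location(url, expected_host):
    """Return (ok, reason): does the URL point to the expected server?"""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname          # lower-cased, without userinfo or port
    except ValueError:
        return (False, "unparseable URL")
    if not host:
        return (False, "no host in URL")
    host = host.rstrip(".")            # a trailing dot names the same host
    expected = expected_host.lower().rstrip(".")
    # Anything before '@' is userinfo, not the server. Flagged conservatively,
    # even when the real host happens to match.
    if parts.username is not None:
        return (False, f"text before '@' is not the server; real host is {host}")
    if host != expected:
        # The trusted name appearing elsewhere in the URL proves nothing.
        if expected in host or expected in parts.path.lower():
            return (False, f"expected name is only decoration; real host is {host}")
        return (False, f"host is {host}, not {expected}")
    return (True, "host matches")

# Constructed sample location-line values.
SAMPLE_URLS = [
    "https://www.bank.example/login",
    "https://WWW.Bank.Example./login",
    "https://www.bank.example@attacker.example/login",
    "https://www.bank.example.attacker.example/login",
    "http://attacker.example/https://www.bank.example/login",
]

def suspicious(urls, expected_host):
    """Return the URLs that do not point to expected_host."""
    return [u for u in urls if not check_location(u, expected_host)[0]]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(u, "->", check_location(u, "www.bank.example"))
```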