1 / 16

Spoofing

Spoofing. Keegan Haukaas , Samuel Robertson, Jack Murdock. Overview. Email Spoofing IP Spoofing Web Spoofing. Email Spoofing . P retending to send an email from someone else. Reasons for Email Spoofing. Hide Identity Impersonate Company or Authority. How to Spoof an Email.

nat
Download Presentation

Spoofing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Spoofing Keegan Haukaas, Samuel Robertson, Jack Murdock

  2. Overview • Email Spoofing • IP Spoofing • Web Spoofing

  3. Email Spoofing • Pretending to send an email from someone else

  4. Reasons for Email Spoofing • Hide Identity • Impersonate Company or Authority

  5. How to Spoof an Email • SMTP functions • Insert commands in headers

  6. Examples • Posing as a Bank • Posing as Facebook • Posing as Relative

  7. Mitigating Email Spoofing • Look at address • Read through message • Check links against legitimate site

  8. Reporting Email Spoofing • Legitimate Company/Person • Federal Trade Commission spam@uce.gov

  9. IP Spoofing • IP spoofing is when the IP source address is changed in the packet header • Legitimate uses' of IP Spoofing- Website Testing • Illegitimate uses of IP Spoofing • DoS • Gain entry to System

  10. IP Spoofing (cont.) • Nmap • Ipconfig /all • Nmap –iflist • Nmap –e eth7 –S 10.154.14.138.10.25.17.45 • Defense against IP Spoofing • Packet Filtering • DO NOT rely only on IP address to gain access

  11. Web Spoofing • General techniques: • Similar URL • Copy Site design/code • “Malvertising”

  12. Similar URL • Mistyping • Favebook vs Facebook • Alternate Top-Level Domains • Whitehouse.gov vs Whitehouse.com • Countermeasures: • Purchase the alternate domain, check spelling, check security certificate

  13. Design Hijacking • Copies all (or all accessible) HTML, CSS, JavaScript, etc. • Incorporates design into new site • Most likely also uses a spoofed/similar URL • Check for Security Certificate/HTTPS • Websites need to be verified in some way to be granted a certificate • Countermeasures: • Code obfuscation, closed-source, HTTPS, etc.

  14. Malvertising • Stands for Malicious Advertising • Exploits ads in sites • Attacker puts up “clean” ads, gains reputation • Then injects malicious code into advertisements • “Drive-by” style attacks, or click activation • Attacker hacks site, injects code into banner ads • Countermeasures: • Install AdBlock, don’t click on ads, avoid sites with instrusive/pop-up ads, check site’s reputation

  15. Summary • Email Spoofing • IP Spoofing • Web Spoofing

  16. Q A &

More Related