Seminar On Spoofing

This document summarizes a presentation about web spoofing attacks. It discusses how web spoofing works by allowing an adversary to observe and modify web pages sent to a victim's machine. It also discusses how to prevent web spoofing by verifying URLs and SSL certificates when entering sensitive information online. The document also summarizes other types of spoofing attacks like IP spoofing, email spoofing, and non-technical spoofing through social engineering. Defense methods are provided for each type of spoofing attack.

Uploaded by pepgutsy
Copyright: Attribution Non-Commercial (BY-NC)

Intrusion Detection and Hackers Exploits

WEB Spoofing Attack


A seminar presented by
Nidhi Kumari, IT 6th Sem, Roll No 0214IT081032
Submitted to Mr. Arvind, Lecturer, VITS, JBP
Web Spoofing:
What is Spoofing?
• Spoofing is a situation in which one person or program successfully masquerades as another by falsifying information, and thereby gains an illegitimate advantage.
Types of spoofing:
• IP spoofing
• Web spoofing
• E-mail spoofing
• Non-technical spoofing
Wanna know about IP Spoofing?
• IP spoofing is the creation of IP packets with a forged source address.
• Its purpose is to conceal the identity of the sender or to impersonate another computing system.
Three-way handshake (intruder forging the trusted host's address):
  Intruder -> B:      SYN(A)               source address forged as the trusted host
  B -> trusted host:  SYN(B), ACK(A+1)     the reply goes to the trusted host, not to the intruder
  Intruder -> B:      ACK(B+1)             the intruder never saw B and has to guess it
Basic Concept of IP Spoofing

Host A (10.10.10.1) requests http://www.carleton.ca (134.117.1.60). The packet headers:

  Src_IP        dst_IP         Src_port      dst_port
  10.10.10.1    134.117.1.60   Any (>1024)   80          genuine packet from A
  11.11.11.1    134.117.1.60   Any (>1024)   80          same request with a spoofed source address
Types of IP Spoofing:
1. Denial-of-service attack:
The goal is to flood the victim with overwhelming amounts of traffic. This prevents an internet site or service from functioning efficiently or at all, temporarily or indefinitely.
Spoofing Attacks: flooding attack
  sender -> victim:  IP packets with a spoofed source address (src: random, dst: victim)
  victim:            "Oops, many packets are coming. But who is the real source?"
2. Impersonation:
  sender -> victim:  IP packet with a spoofed source address (src: partner, dst: victim)
  victim:            "Oh, my partner sent me a packet. I'll process this."
3. Man-in-the-middle attack:
This is also called connection hijacking. In this attack, a malicious party intercepts a legitimate communication between two hosts in order to control the flow of communication and to remove or alter the information sent by one of the original participants, without their knowledge.
Man in the middle attack:
• Session hijacking
Who is this freak? None of you know who is spying on you? Isn't it amusing?
Uses of IP Spoofing:
• To defeat network security:
› Such as authentication based on IP addresses. This type of attack is most effective where trust relationships exist between machines.
› For example, on some corporate networks the internal systems trust each other: a user can log in without a username or password as long as he is connecting from another machine on the internal network. By spoofing a connection from a trusted machine, an attacker may be able to access the target machine without authenticating.
Fallout of IP-based authentication:
Defense against IP spoofing:
• Packet filtering is one defense against IP spoofing:
› Ingress filtering: blocking packets that arrive from outside the network but carry a source address from inside the network.
› Egress filtering: blocking outgoing packets that do not carry a source address from inside the network.
Filtering:
  Internet --- Router --- Firewall --- 10.10.0.0 --- 10.10.10.0 --- IDS --- B

  Ingress rule at the router (packets arriving from the Internet):
    if src_addr is from 10.10.0.0 then drop else forward
  Egress rule at the firewall (packets leaving the 10.10.0.0 network):
    if src_addr is from 10.10.0.0 then forward else drop
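The two filtering rules above, written out as an added Python example (this is not code from the presentation). The /16 prefix for the slide's 10.10.0.0 network, the Packet record and the sample traffic are assumptions of the example; the addresses are the ones used on the slides plus two constructed outsiders.

```python
import ipaddress
from dataclasses import dataclass

# Assumed prefix length for the slide's "10.10.0.0" site network.
INTERNAL_NET = ipaddress.ip_network("10.10.0.0/16")


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    direction: str  # "inbound" = arriving from the Internet, "outbound" = leaving the site


def border_filter(pkt: Packet, internal=INTERNAL_NET) -> str:
    """Apply the two rules from the filtering diagram; return 'forward' or 'drop'."""
    src = ipaddress.ip_address(pkt.src_ip)
    if pkt.direction == "inbound":
        # Ingress rule: a packet coming in from the Internet can never legitimately
        # carry one of our own source addresses, so it must be forged.
        return "drop" if src in internal else "forward"
    if pkt.direction == "outbound":
        # Egress rule: a packet leaving the site must carry one of our own addresses,
        # otherwise an inside host is spoofing somebody else's address.
        return "forward" if src in internal else "drop"
    raise ValueError(f"unknown direction {pkt.direction!r}")


def filter_all(packets):
    """Return [(packet, verdict), ...] for a batch of packets."""
    return [(p, border_filter(p)) for p in packets]


# Constructed sample traffic, reusing the addresses from the slides.
SAMPLE = [
    Packet("10.10.10.1", "134.117.1.60", 40000, 80, "outbound"),   # genuine request from A
    Packet("11.11.11.1", "134.117.1.60", 40000, 80, "outbound"),   # A sends with a forged source
    Packet("134.117.1.60", "10.10.10.1", 80, 40000, "inbound"),    # the web server's reply
    Packet("10.10.10.5", "10.10.10.1", 40000, 22, "inbound"),      # outsider pretending to be inside
    Packet("198.51.100.7", "10.10.10.1", 40000, 80, "inbound"),    # flood packet with a random source
]

if __name__ == "__main__":
    for pkt, verdict in filter_all(SAMPLE):
        print(f"{pkt.direction:8} {pkt.src_ip:>14} -> {pkt.dst_ip:<14} {verdict}")
```

The last sample packet shows the limit of this defense: a flood packet with a random outside source address passes the victim's own ingress rule, because nothing about it looks wrong from the victim's side. Such traffic can only be stopped by the egress rule at the network the attacker is sending from, which is why filtering has to be deployed by everyone, not just by the targets.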
Defense against IP spoofing:
Upper layers:
Some upper-layer protocols provide their own defense against IP spoofing. For example, TCP uses sequence numbers negotiated with the remote machine to ensure that arriving packets are part of an established connection. Since the attacker normally cannot see any reply packets, he has to guess the sequence number in order to hijack the connection.
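The handshake diagram earlier and the sequence-number argument above, worked through as an added Python simulation (this is not code from the presentation). The TcpResponder class, the blind_spoof routine, the addresses and the step of 64000 per connection are assumptions made for the example; the point it shows is that a server whose initial sequence number advances by a fixed step per connection (as old BSD implementations did) can be spoofed blind, while a server that picks a random 32-bit value cannot.

```python
import random

MASK = 0xFFFFFFFF  # TCP sequence numbers are 32-bit


class TcpResponder:
    """Simulated server side of the three-way handshake.

    isn_scheme "predictable": the initial sequence number (ISN) advances by a fixed
    step per connection.  isn_scheme "random": 32 fresh random bits per connection.
    """

    def __init__(self, isn_scheme="random", seed=None):
        self.isn_scheme = isn_scheme
        self.rng = random.Random(seed) if seed is not None else random.SystemRandom()
        self.counter = 0x1A2B3C4D   # constructed starting value for the predictable scheme
        self.half_open = {}         # (client_ip, client_port) -> our ISN B
        self.established = set()

    def _new_isn(self):
        if self.isn_scheme == "predictable":
            self.counter = (self.counter + 64000) & MASK
            return self.counter
        return self.rng.getrandbits(32)

    def recv_syn(self, src_ip, src_port, seq_a):
        """Handle SYN(A). The SYN/ACK is addressed to src_ip, whoever really sent the SYN."""
        b = self._new_isn()
        self.half_open[(src_ip, src_port)] = b
        return {"to": src_ip, "seq": b, "ack": (seq_a + 1) & MASK}

    def recv_ack(self, src_ip, src_port, ack):
        """Handle the final ACK; the connection is established only if ack == B+1."""
        key = (src_ip, src_port)
        b = self.half_open.get(key)
        if b is None or ack != (b + 1) & MASK:
            return False
        del self.half_open[key]
        self.established.add(key)
        return True


def blind_spoof(server, trusted_ip="10.10.10.1", attacker_ip="11.11.11.1"):
    """Try to complete a handshake as trusted_ip without ever seeing the server's replies."""
    # 1. Connect normally from the attacker's own address to sample the server's ISN.
    probe = server.recv_syn(attacker_ip, 40000, seq_a=1000)
    server.recv_ack(attacker_ip, 40000, (probe["seq"] + 1) & MASK)
    sampled = probe["seq"]

    # 2. Send SYN(A) with the trusted host's address as source.  The SYN/ACK goes to
    #    the trusted host, not to us, so it is discarded here.  (A real attack also has
    #    to keep the trusted host from answering with a RST; that is assumed here.)
    synack = server.recv_syn(trusted_ip, 40001, seq_a=5000)
    assert synack["to"] == trusted_ip   # the attacker never sees this packet

    # 3. Guess B from the sample and send ACK(B+1), again with the forged source.
    guess = (sampled + 64000) & MASK
    return server.recv_ack(trusted_ip, 40001, (guess + 1) & MASK)


if __name__ == "__main__":
    print("predictable ISN:", blind_spoof(TcpResponder("predictable")))
    print("random ISN:     ", blind_spoof(TcpResponder("random")))
```

With the predictable scheme the guess is exactly right and the server records an established connection from the trusted address; with the random scheme the guess is right with probability 2^-32 per attempt, which is the defense the slide describes.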
Web Spoofing:
• Web spoofing is a security attack that allows an adversary to observe and modify all web pages sent to the victim's machine, and to observe all information entered into forms by the victim.
Guess what? I have spoofed your web browser. Aren't you feeling queasy?
Web Spoofing:
• The attack is initiated when a victim visits a malicious web page or receives a malicious email message.
• The attack is implemented using JavaScript and web server plug-ins.
Can't you see this is a hoax?
Dangers of Web Spoofing:
• After your browser has been fooled, the spoofed web server can send you fake web pages or prompt you to provide personal information such as login ID, password, or even credit card or bank account numbers.
How to prevent it:
• Don't click links in emails; instead copy and paste the URL, or better still, type it in manually.
• When entering personal or sensitive information, verify that the URL is what you expect and that the site's SSL certificate matches that URL.
• Understand why you are providing the information. Does it make sense? Does the site need to know your SSN?
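The second check above, written out as an added Python example (this is not code from the presentation). It parses the URL the way a browser does, rejects the address-bar tricks a web-spoofing server relies on (the real site's URL appended to the attacker's, or a fake host name placed before an '@'), and then matches the host name against the DNS names in the certificate. The bank and attacker host names, the certificate name lists and the URLs are all constructed for the example.

```python
from urllib.parse import urlsplit


def san_matches(hostname: str, san_names) -> bool:
    """Does one of the certificate's DNS names cover hostname?

    Rules as browsers apply them: case-insensitive exact match, or a wildcard that is
    the whole leftmost label and matches exactly one label ('*.bank.example' covers
    'www.bank.example' but neither 'bank.example' nor 'a.b.bank.example').
    """
    host = hostname.lower().rstrip(".")
    host_labels = host.split(".")
    for name in san_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        labels = name.split(".")
        if (labels[0] == "*" and len(labels) == len(host_labels) >= 3
                and labels[1:] == host_labels[1:]):
            return True
    return False


def safe_to_submit(url: str, expected_host: str, cert_sans) -> tuple:
    """Checks to make before typing sensitive data into a form at url: (ok, reason)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        return False, f"not https (scheme is {parts.scheme!r})"
    if parts.username is not None:
        # "https://www.bank.example@evil.example/": the text before '@' is a user name, not the host.
        return False, f"user name before '@'; the real host is {host!r}"
    if "://" in parts.path or "://" in parts.query:
        # The classic web-spoofing rewrite: the victim's URL is appended to the attacker's.
        return False, f"another URL is being relayed through {host!r}"
    if host != expected_host.lower():
        return False, f"host {host!r} is not {expected_host!r}"
    if not san_matches(host, cert_sans):
        return False, f"certificate is not issued for {host!r}"
    return True, "ok"


# Constructed examples: the bank's certificate names and a few URLs a victim might land on.
BANK = "www.bank.example"
BANK_CERT_SANS = ["www.bank.example", "bank.example"]
ATTACKER_CERT_SANS = ["www.attacker.example"]

if __name__ == "__main__":
    cases = [
        ("https://www.bank.example/login", BANK_CERT_SANS),                            # genuine
        ("http://www.bank.example/login", BANK_CERT_SANS),                             # no TLS at all
        ("https://www.attacker.example/https://www.bank.example/login", ATTACKER_CERT_SANS),
        ("https://www.bank.example@www.attacker.example/login", ATTACKER_CERT_SANS),
        ("https://www.bank.example.attacker.example/login", ["*.attacker.example"]),
        ("https://www.bank.example/login", ATTACKER_CERT_SANS),                        # wrong cert
    ]
    for url, sans in cases:
        print(safe_to_submit(url, BANK, sans), url)
```

In a real client the certificate match is done for you by the TLS library (Python's ssl.create_default_context() enables host name checking by default); the function here only makes the rule visible. The URL checks are the part a user has to do by eye, and the cases show why "the bank's name appears somewhere in the address bar" is not enough.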
Email Spoofing:
• E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source.
Email Spoof Protection:
• Double-check the address you are replying to; make sure the letters are what they seem to be. For example, l (lower-case L) is not the same as I (upper-case i).
• Look at the IP information in the email header. If an email claims to come from inside your network, the host it entered from should have an address in your network's own range.
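Both checks above, run over two constructed messages as an added Python example (this is not code from the presentation). The corporate domain corp.example, its address range 192.0.2.0/24, the known sender list and the two raw messages are all assumptions of the example; no real hosts are involved. The lookalike check maps characters that are easy to confuse (I, 1 and | for l, 0 for o) to one form before comparing, and the header check takes the earliest Received line, which is the last one in the message, as the hop the mail actually entered from.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Assumptions for the constructed examples: the corporate domain, its address range
# and the senders whose addresses are worth imitating.
INTERNAL_DOMAIN = "corp.example"
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
KNOWN_SENDERS = {"bill.smith@corp.example"}

# Characters that look alike in many fonts, folded to one "skeleton" form before comparing.
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})


def skeleton(text: str) -> str:
    # translate before lower(): lower() would turn the upper-case I into i and hide the trick
    return text.translate(CONFUSABLES).lower()


def received_ips(msg):
    """IPs from the Received headers, most recent hop first; the last entry is the origin."""
    ips = []
    for hdr in msg.get_all("Received", []):
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr)
        if m:
            ips.append(ipaddress.ip_address(m.group(1)))
    return ips


def check_message(raw: bytes, internal_net=INTERNAL_NET,
                  internal_domain=INTERNAL_DOMAIN, known_senders=KNOWN_SENDERS):
    """Return a list of (code, detail) findings; an empty list means nothing looked spoofed."""
    msg = email.message_from_bytes(raw)
    findings = []
    _, from_addr = parseaddr(msg.get("From", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    from_domain = from_addr.rpartition("@")[2]
    rp_domain = return_path.rpartition("@")[2]

    # Bounces going somewhere other than the claimed sender's domain is a classic sign of forgery.
    if return_path and rp_domain.lower() != from_domain.lower():
        findings.append(("return-path-mismatch",
                         f"From is {from_domain} but bounces go to {rp_domain}"))

    # A message claiming to be internal should have entered from an internal address.
    hops = received_ips(msg)
    origin = hops[-1] if hops else None
    if skeleton(from_domain) == internal_domain and (origin is None or origin not in internal_net):
        findings.append(("external-origin", f"claims to be internal but entered from {origin}"))

    # Lookalike sender: same skeleton as a known address, but not actually that address.
    if not from_addr.isascii():
        findings.append(("non-ascii-sender", from_addr))
    for known in known_senders:
        if from_addr.lower() != known and skeleton(from_addr) == skeleton(known):
            findings.append(("lookalike-sender", f"{from_addr} imitates {known}"))
    return findings


# Constructed messages: a forgery (note the capital I in "exampIe") and a genuine internal mail.
SPOOFED = b"""\
Received: from mx1.corp.example ([192.0.2.10]) by mail.corp.example; Mon, 1 Jan 2024 10:00:00 +0000
Received: from unknown (HELO corp.example) ([203.0.113.45]) by mx1.corp.example; Mon, 1 Jan 2024 09:59:58 +0000
Return-Path: <bounce@mailer.attacker.example>
From: "Bill Smith" <bill.smith@corp.exampIe>
To: alice@corp.example
Subject: urgent wire transfer

Please process the attached invoice today.
"""

GENUINE = b"""\
Received: from ws23.corp.example ([192.0.2.23]) by mail.corp.example; Mon, 1 Jan 2024 11:00:00 +0000
Return-Path: <bill.smith@corp.example>
From: "Bill Smith" <bill.smith@corp.example>
To: alice@corp.example
Subject: lunch

Noon?
"""

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("genuine", GENUINE)]:
        print(name, check_message(raw))
```

The forged message trips all three checks at once, which is typical: the attacker controls the From line completely but cannot control where the mail enters the victim's network or where bounces are routed. Received lines added by the attacker's own relay would sit below the ones your own servers add, so only the hop recorded by your own mail server is trustworthy, and the example reads the last line purely because in this constructed message every line was written by the receiving side.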
Non-Technical Spoofing:
• These non-computer-based techniques are commonly referred to as social engineering. With social engineering, an attacker tries to convince someone that he is someone else.
• This can be as simple as the attacker calling someone on the phone and saying that he is a certain person.
Aren't you smelling something foul? "Trust your intuition."
Examples of Non-Technical Spoofing:
• An attacker calls the help desk to request that a new account be set up. The attacker pretends to be a new employee.
• A "technician" walks into a building saying that he has been called to fix a broken computer. What business does not have a broken computer?
Why Non-Technical Spoofing Works:
• The main reason is that it exploits attributes of human behaviour: trust is good, and people love to talk. Most people assume that if someone is nice and pleasant, he must be honest. If an attacker can sound sincere and listen, you would be amazed at what people will tell him.
• Lesson learnt: trust the good old lore about strangers, that they are seldom good, and keep your distance from them.
Non-Technical Spoof Protection:
• Educate your users:
› The help desk
› Receptionists
› Administrators
• Have proper policies:
› Password policy
› Security policy
Queries?
