Ask
Login
0
3.2kviews
Write in brief about IP spoofing.
written 7.4 years ago by gravatar for teamques10 teamques10 64k •   modified 4.1 years ago
cryptography and system security
ADD COMMENT EDIT
1 Answer
1
17views
written 7.4 years ago by gravatar for teamques10 teamques10 64k
  • Packet spoofing refers to actively introducing fake network traffic pretending to be someone else.
  • Packet spoofing is an active attack as attacker can gain access to the victim’s system and cause damage.
  • An attacker sends packet with an incorrect source address. When this happens, the receiver (i.e. the party who receives these packets containing false addresses) would inadvertently send replies back to this forged address and not to the attacker.
  • This can lead to three possible cases:
    • The attacker can intercept the reply: If the attacker is between the destination and the forged source , then attacker can see the reply and use that information for hijacking attacks.
    • The attacker need not see the reply: If the attacker’s intent was DoS attack, he need not see the reply.
    • The attacker does not want the reply: the attacker could simply be angry with the host, so it may put the host’s address as the forged source address and send the packet to the destination. The attacker does not want a reply as it wants the host with the forged address to receive it and get confused.
  • MAC level spoofing: The Ethernet CARD (or LAN Card) is an integral part of any networking device. Each of this device contains a unique MAC address supplied by the manufacturer.
  • However many such cards can be reconfigured by the user. The MAC address is used for uniquely identifying a computer on Ethernet
  • The best way to prevent such spoofing is utilizing intelligent hubs which detect any changes in the MAC cards.
  • ARP spoofing: ARP stands for Address Resolution Protocol. . They are used for mapping the IP address to the system’s MAC address
  • We make some machine think that the IP address a machine is looking is you.
  • ARP works by sending a broadcast to all ask is Mr. X present. Reply is usually done by Mr. X himself.
  • If two X respond (real and fake), then its upto the OS which one to use.
  • The real Mr X can be disconnected by removing Power supply or tampering with the wirings.
  • To prevent ARP spoofing, we can assign permanent ARP records in the routing table.
ADD COMMENT EDIT
Please log in to add an answer.