GT ECE 4112 - Address Spoofing and Denial of Service

This preview shows page 1-2-15-16-17-32-33 out of 33 pages.


ECE 4112 - Internetwork Security

Slide 1: Address Spoofing and Denial of Service
• Agenda
  - MAC Modification
  - Address Resolution Protocol Trickery
  - IP Address Spoofing
  - TCP Session Hijacking
  - Domain Name Spoofing
  - Email Spoofing (not in lab)
  - Denial of Service

Slide 2: IP Spoofing and Denial of Service Lab Exercises
• Medium Access Control Address Spoofing
  - Windows XP MAC modification
  - Linux MAC modification
• IP Spoofing
  - From Windows: wINJECT
  - From Linux: fraggle.c
• Domain Name System Spoofing
  - dsniff tool
• Denial of Service
  - datapool tool
  - synful
  - teardrop
  - udpflood

Slide 3: The Ethernet Frame - IEEE 802.3
• Destination and Source MAC Addresses are modified for spoofing.

Slide 4: MAC modification/Spoofing
• Change the MAC on a Host (Cloning)
  - Linux (ifconfig)
  - Windows Network Settings
• Creating Link Layer Packets (Spoofing)
  - libnet (API)
  - Linkcat (tool – netcat for link layer)

Slide 5: Modifying Windows XP Network Interface

Slide 6: Modifying Windows XP Network Interface (continued)

Slide 7: Modifying Linux Network Interface

Slide 8: Address Resolution Protocol (ARP)
• Method for finding a host's Ethernet address
• Broadcast message looking for the IP address
• Hosts maintain a cache to avoid frequent requests

Slide 9: ARP Cache Poisoning
• Man in the Middle (MiM) Attack
  - Session Stealing
  - Packet/Data Injection
• Beat the Switch
  - Making a Switch into a Hub

Slide 10: Arpspoof Example

Slide 11: Network and Transport Layers
• Internet Protocol (IP)
• Internet Control Message Protocol (ICMP)
• Transmission Control Protocol (TCP)
• User Datagram Protocol (UDP)
• TCP Session Hijacking

Slide 12: Internet Protocol (IP)
• IP provides a best-effort way to route datagrams from source to destination
• Source address, destination address: network number and host number
• IP spoofing: change or disguise source address
[Figure: IP header layout, one 32-bit row per line]
  Version | IHL | Type of Service | Total length
  Identification | DF | MF | Fragment offset
  Time to live | Protocol | Header checksum
  Source address
  Destination address
  Options (0 or more words)

Slide 13: IP Spoofing
• Non-blind attacks
  - Attacker and target on same subnet
  - Reply traffic can be sniffed
• Blind attacks
  - Attacker and target on different subnets
  - Reply traffic cannot be seen by attacker
  - Attacker must be able to predict replies

Slide 14: IP Spoofing
• Attacks made possible by IP spoofing include
  - Denial of Service (DoS)
  - Session Hijacking
  - Man in the Middle
• To take over a TCP stream, sequence and acknowledgement numbers must be sniffed or predicted.

Slide 15: Transmission Control Protocol (TCP)
• Source and Destination Ports
• Sequence and Acknowledgement number
• Reliability Checksum (not tamperproof)
[Figure: TCP header layout, one 32-bit row per line]
  Source port | Destination port
  Sequence number
  Acknowledgement number
  TCP HL | URG | ACK | PSH | RST | SYN | FIN | Window size
  Checksum | Urgent pointer
  Options (0 or more 32-bit words)
  Data (Optional)

Slide 16: Transmission Control Protocol (TCP)
• Packet Types
  - URG - Urgent
  - ACK - Acknowledge
  - PSH - Push
  - RST - Reset
  - SYN - Synchronize (can flood a server)
  - FIN - Finish

Slide 17: Transmission Control Protocol (TCP) (4)
• TCP connection initiation
  - Three-way handshake
      Host 1 -> Host 2: SYN (SEQ=x)
      Host 2 -> Host 1: SYN (SEQ=y, ACK=x+1)
      Host 1 -> Host 2: (SEQ=x+1, ACK=y+1)

Slide 18: Session Hijacking
• Session hijacking attacks: based on sniffing and IP spoofing
  - Attacker monitors packets between Alice and Bob
  - Attacker injects spoofed traffic with a source IP address of Alice
[Figure labels: Alice, Bob, Attacker, network; Alice telnet; "Hi, I am Alice"]

Slide 19: DNS Spoofing
• Causes name resolution to result in an incorrect IP address
• In our lab, the dsniff tool is used to accomplish this

Slide 20: DSniff
• Collection of tools for network auditing and penetration testing.
• Tools included
  - ArpSpoof
  - DNSspoof
  - Dsniff
  - Filesnarf
  - Macof

Slide 21: DSniff
  - Mailsnarf
  - Msgsnarf
  - TCPKill
  - TCPnice
  - URLSnarf
  - WebSpy
  - SSHMITM
  - WebMITM

Slide 22: DSniff
• All kinds of attacks can be run, e.g.:
  - Password Sniffing
  - Message and File Capture
  - URL Capture
  - Man-In-The-Middle
• Lab exercises
  - DNS Spoofing

Slide 23: Email Spoofing
• Email spoofing is effective because most people don't have time to double check their headers all the time.
• An email's true origin can be further obfuscated by forging extra "Received:" lines.
• To force a verification, email can be cryptographically signed.

Slide 24: Email Spoofing
• Email spoofing is a form of social engineering.
• Email spoofing is also used by spammers to make it more difficult to track them.
• A forged email can be detected by close inspection of its headers.
• Login to SMTP (port 25) is unauthenticated, so anyone can log in and send mail.

Slide 25: Email Spoofing (Not in Lab Assignment)
    telnet mail.xyz.gatech.edu 25
    220 sark.xyz.gatech.edu ESMTP Sendmail 8.12.10/8.12.8; Mon, 1 Dec 2003 040500 (EST)
    HELO abc4883.com
    250 sark.xyz.gatech.edu Hello ece-237-37.abc.gatech.edu [130.207.237.37], pleased to meet you
    MAIL FROM: <[email protected]>
    250 2.1.0 <[email protected]>... Sender ok
    RCPT TO: <[email protected]>
    250 2.1.5 <[email protected]>... Recipient ok
    DATA
    354 Enter mail, end with "." on a line by itself
    Greetings from abc4883!
    .
    250 2.0.0 hAUMOh6c005386 Message accepted for delivery
    QUIT
    221 2.0.0 sark.xyz.gatech.edu closing connection

Slide 26: Raw Sockets
• Allows the application to directly access the Network Access Layer (TCP/IP
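The Email Spoofing slides say a forged email can be detected by close inspection of its headers. The following is an added example, not part of the original slides: it checks the Received chain of a stored message for the two inconsistencies the slide 25 session would leave behind. The sample message is constructed; the mail addresses, the second Received line and the function names are assumptions.

```python
import re
from email import message_from_string

# Constructed sample: headers as a Sendmail relay might store them for a
# session like the one on the slide. Host names, IP and queue id come from
# the slide; the addresses and the second Received line are made up.
RAW = """\
Received: from abc4883.com (ece-237-37.abc.gatech.edu [130.207.237.37])
\tby sark.xyz.gatech.edu (8.12.10/8.12.8) with SMTP id hAUMOh6c005386
Received: from mail.abc4883.com (mail.abc4883.com [192.0.2.10])
\tby relay.abc4883.com with ESMTP
From: sender@abc4883.com
To: student@example.edu
Subject: Greetings

Greetings from abc4883!
"""

# from <HELO name> (<reverse-DNS name> [<ip>]) by <receiving host>
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([\d.]+)\]\)\s+by\s+(\S+)")

def parse_hops(raw):
    """Return the Received hops, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            helo, rdns, ip, by = m.groups()
            hops.append({"helo": helo.lower(), "rdns": (rdns or "").lower(),
                         "ip": ip, "by": by.lower()})
    return hops

def inspect_headers(raw, trusted_mta):
    """List the inconsistencies in the Received chain of one message."""
    hops = parse_hops(raw)
    if not hops or hops[0]["by"] != trusted_mta:
        return ["no Received line added by the trusted MTA"]
    findings = []
    top = hops[0]  # written by our own server, so its IP/rDNS are reliable
    if top["helo"] != top["rdns"]:
        findings.append(f"HELO {top['helo']} but peer was "
                        f"{top['rdns'] or 'unresolved'} [{top['ip']}]")
    # Everything below the top hop was supplied by the sender; each hop's
    # "by" host should be the host that handed the mail to the hop above.
    for upper, lower in zip(hops, hops[1:]):
        if lower["by"] not in (upper["helo"], upper["rdns"]):
            findings.append(f"chain break: '{lower['by']}' did not deliver "
                            f"to {upper['by']}")
    return findings
```

Both checks are heuristics: a HELO name that differs from reverse DNS is common for legitimate clients too, so the findings are leads for a reviewer, not a verdict.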
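For the ARP Cache Poisoning slide, a detection-side sketch (added here, not from the original slides): it reads ARP replies and reports IP addresses whose MAC binding changed and MAC addresses answering for more than one IP, the pattern a man-in-the-middle leaves on a switched LAN. The capture lines are constructed in the style of `tcpdump -n arp` output, and the function name is an assumption.

```python
import re
from collections import defaultdict

# Constructed capture, in the style of `tcpdump -n arp` output.
CAPTURE = """\
10:00:01.000000 ARP, Reply 192.168.1.1 is-at 00:aa:bb:cc:dd:01, length 28
10:00:02.000000 ARP, Reply 192.168.1.20 is-at 00:aa:bb:cc:dd:20, length 28
10:00:05.000000 ARP, Reply 192.168.1.1 is-at 00:AA:BB:CC:DD:66, length 28
10:00:06.000000 ARP, Reply 192.168.1.20 is-at 00:aa:bb:cc:dd:66, length 28
10:00:07.000000 ARP, Reply 192.168.1.1 is-at 00:aa:bb:cc:dd:66, length 28
"""

REPLY = re.compile(r"ARP, Reply (\S+) is-at ([0-9a-fA-F:]{17})")

def find_poisoning(capture):
    """Flag changed IP-to-MAC bindings and MACs that answer for several IPs."""
    baseline = {}                 # ip -> first MAC seen (trust on first use)
    claims = defaultdict(set)     # mac -> every IP it has answered for
    changed = []                  # (ip, baseline_mac, new_mac), reported once
    for line in capture.splitlines():
        m = REPLY.search(line)
        if not m:
            continue
        ip, mac = m.group(1), m.group(2).lower()
        claims[mac].add(ip)
        known = baseline.setdefault(ip, mac)
        event = (ip, known, mac)
        if known != mac and event not in changed:
            changed.append(event)
    multi = {mac: sorted(ips) for mac, ips in claims.items() if len(ips) > 1}
    return {"changed": changed, "multi_ip_macs": multi}
```

The baseline is trust-on-first-use, so a replaced network card or a reassigned DHCP lease also shows up as a changed binding and needs to be ruled out by hand.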

