1 / 16

IP-Spoofing and Source Routing Connections

IP-Spoofing and Source Routing Connections. Overview. First words Spoofing Linux configuration Sniffing IP-spoofing with source routing Vanilla IP-spoofing Ending. First Words. This speech will discuss router/firewall problems Include spoofing examples

colby
Télécharger la présentation

IP-Spoofing and Source Routing Connections

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IP-Spoofing and Source Routing Connections

  2. Overview • First words • Spoofing • Linux configuration • Sniffing • IP-spoofing with source routing • Vanilla IP-spoofing • Ending

  3. First Words This speech will discuss router/firewall problems Include spoofing examples Not session hijacking or TCP/UDP-spoofing

  4. Spoofing Internet protocol (IP) spoofing: 1. The creation of IP packets with counterfeit (spoofed) IP source addresses. 2. A method of attack used by network intruders to defeat network security measures such as authentication based on IP addresses. Note 1: An attack using IP spoofing may lead to unauthorized user access, and possibly root access, on the targeted system Note 2: A packet-filtering-router firewall may not provide adequate protection against IP spoofing attacks. It is possible to route packets through this type of firewall if the router is not configured to filter incoming packets having source addresses on the local domain Note 3: IP spoofing is possible even if no reply packets can reach the attacker. Note 4: A method for preventing IP spoofing problems is to install a filtering router that does not allow incoming packets to have a source address different from the local domain In addition, outgoing packets should not be allowed to contain a source address different from the local domain, in order to prevent an IP spoofing attack from originating from the local network.

  5. Linux 2.0.X Configuration • IP forwarding enabled • IP drop source routed frames disabled • IP aliasing enabled

  6. Sniffing • Siphon • Dsniff • Tcpdump B.2 B.1 A.1 C.1 C.3 C.2 E.2 D.1 E.1

  7. IP-Spoofing with Source Route • Why source route? • Example:Full connection IP-spoof with source route

  8. Why source route? 1/3 Choose path B.1 A.1 A.3 B.3 A.2 B.2

  9. Why source route? 2/3 Two networks have same network number A.2 A.1 B.1 C.1 B.2 C.2 D.1 D.1 D.2 D.2

  10. ”B.3” A.2 B.3 B.2 A.1 B.1 Why source route? 3/3 When IP-spoofing as an internal IP-address through a filtering router you don’t get any responses back

  11. Full Connection IP-Spoof with Source Route net E => net B deny B.2 B.1 A.1 ifconfig eth0:0 A.2 route add -net A eth0:0 nc -n -v -s A.2 -g E.2 E.2 23 nc -n -v -s A.2 -g E.2 E.1 23 nc -n -v -s A.2 -g E.2 -g E.1 C.1 23 nc -n -v -s A.2 -g E.2 -g E.1 -g C.1 B.2 23 C.1 ”A.2” C.2 E.2 D.1 E.1

  12. Full Connection Vanilla IP-Spoof Easy to IP-spoof as A.2 and sniff the responses Don’t get a full connection ”A.2” b.U.3 B.2 A.1 B.1 a.U.1 c.U.2 net A => net B allow any => any deny

  13. Full Connection Vanilla IP-Spoof ”a.A.2” b.U.3 B.2 A.1 B.1 ifconfig eth0 down ifconfig eth0 hw ether a ifconfig eth0 A.2 route add -net A eth0 ifconfig eth0:0 U.3 route add -net U eth0 route add default gw U.2 a.U.1 c.U.2 net A => net B allow any => any deny

  14. Ending Very easy way to establish full connections Same attack on local network ”a.X.1” b.A.2 c.A.3 a.A.1

  15. Ending Solution: • Disable “Source Routing” (part of IP-options)(Default on firewalls, not default on routers) • Implement spoofing protection(Not default on all firewalls) • Do not use filter rules over an untrusted networkUse VPN

  16. Ending Questions? Ian.Vitek@infosec.se

More Related