IP Spoofing…

Posted on 29/10/2009 by


Hey! Ppl!…this post is about IP Spoofing…

Internet Protocol(IP):

Internet Protocol (IP) is a network protocol operating at layer 3 (network) of the OSI model. It is connectionless, which means that no transaction state is kept while packets are routed across a network. Additionally, there is no method in place to ensure that a packet is properly delivered to its destination. Examining the IP header, we can see that the first 12 bytes (the top 3 rows of the header) contain various information about the packet. The next 8 bytes (the next 2 rows), however, contain the source and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses – specifically the “source address” field. It’s important to note that each datagram is sent independently of all others due to the stateless nature of IP.
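The header layout described above, as an added Python example that is not part of the original post: it parses the 12 metadata bytes and the 8 address bytes, shows that the header checksum only catches corruption, and applies a border (ingress) filter. The inside range `192.0.2.0/24`, the interface labels and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed inside range

def checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words, inverted."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: str, dst: str) -> bytes:
    """Constructed sample input: a 20-byte IPv4 header carrying TCP (proto 6)."""
    first12 = struct.pack("!BBHHHBBH", 0x45, 0, 40, 0x1234, 0, 64, 6, 0)
    addrs = ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
    csum = struct.pack("!H", checksum(first12 + addrs))
    return first12[:10] + csum + addrs

def parse_header(raw: bytes) -> dict:
    """First 12 bytes: packet metadata. Next 8 bytes: source and destination."""
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum = struct.unpack(
        "!BBHHHBBH", raw[:12])
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "version": ver_ihl >> 4, "ttl": ttl, "proto": proto, "total_len": total_len,
        "src": ipaddress.IPv4Address(raw[12:16]),
        "dst": ipaddress.IPv4Address(raw[16:20]),
        # With the checksum field included, a valid header sums to zero.
        "checksum_ok": checksum(raw[:ihl]) == 0,
    }

def ingress_verdict(raw: bytes, arrived_on: str) -> str:
    """Border filter: the arrival interface must agree with the claimed source."""
    hdr = parse_header(raw)
    # The checksum detects corruption only; any source value passes it.
    if not hdr["checksum_ok"]:
        return "drop: bad checksum"
    inside = hdr["src"] in INTERNAL_NET
    if arrived_on == "external" and inside:
        return "drop: inside source on external interface"
    if arrived_on == "internal" and not inside:
        return "drop: outside source on internal interface"
    return "accept"
```

Nothing inside the header proves where a packet came from, so the filter has to rely on something the sender cannot set: the interface the packet arrived on.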

Example :

[Image: ip image]

Transmission Control Protocol – TCP:

IP can be thought of as a routing wrapper for layer 4 (transport), which contains the Transmission Control Protocol (TCP). Unlike IP, TCP uses a connection-oriented design. This means that the participants in a TCP session must first build a connection – via the 3-way handshake (SYN-SYN/ACK-ACK) – then update one another on progress – via sequences and acknowledgements. This “conversation” ensures data reliability, since the sender receives an OK from the recipient after each packet exchange. As you can see above, a TCP header is very different from an IP header. We are concerned with the first 12 bytes of the TCP packet, which contain port and sequencing information. Much like an IP datagram, TCP packets can be manipulated using software. The source and destination ports normally depend on the network application in use (for example, HTTP via port 80). What’s important for our understanding of spoofing are the sequence and acknowledgement numbers. The data contained in these fields ensures packet delivery by determining whether or not a packet needs to be resent. The sequence number is the number of the first byte in the current packet, which is relevant to the data stream. The acknowledgement number, in turn, contains the value of the next expected sequence number in the stream. This relationship confirms, on both ends, that the proper packets were received. It’s quite different from IP, since the transaction state is closely monitored.
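The sequence/acknowledgement relationship described above, as an added Python example that is not part of the original post: it replays a trace of segments and reports any whose numbers do not continue the stream. The `Segment` type, the `audit` function and the trace values are constructed for illustration, and the model assumes a lock-step exchange with no loss, reordering or retransmission.

```python
from dataclasses import dataclass

@dataclass
class Segment:
    sender: str      # "client" or "server"
    seq: int         # number of the first byte in this segment
    ack: int         # next sequence number expected from the peer
    flags: str       # "S", "SA", "A", "PA", ...
    length: int = 0  # payload bytes

def seq_space(seg: Segment) -> int:
    """SYN and FIN each consume one sequence number on top of the payload."""
    return seg.length + ("S" in seg.flags) + ("F" in seg.flags)

def audit(trace: list[Segment]) -> list[str]:
    """Return one finding per segment whose seq or ack breaks the stream."""
    next_seq: dict[str, int] = {}  # next sequence number each side should send
    findings = []
    for i, seg in enumerate(trace):
        peer = "server" if seg.sender == "client" else "client"
        if seg.sender in next_seq and seg.seq != next_seq[seg.sender]:
            findings.append(f"#{i}: seq {seg.seq}, expected {next_seq[seg.sender]}")
            continue  # a rejected segment must not advance the state
        if "A" in seg.flags and peer in next_seq and seg.ack != next_seq[peer]:
            findings.append(f"#{i}: ack {seg.ack}, expected {next_seq[peer]}")
            continue
        next_seq[seg.sender] = seg.seq + seq_space(seg)
    return findings

# Constructed trace: handshake, 100 bytes of data, one segment that does not
# belong to the stream (#5), then the genuine continuation.
TRACE = [
    Segment("client", 1000, 0, "S"),
    Segment("server", 5000, 1001, "SA"),
    Segment("client", 1001, 5001, "A"),
    Segment("client", 1001, 5001, "PA", 100),
    Segment("server", 5001, 1101, "A"),
    Segment("client", 9999, 5001, "PA", 20),
    Segment("client", 1101, 5001, "PA", 50),
]
```

Because the receiver tracks this state, a segment with a forged source address is only accepted if its sequence and acknowledgement numbers also fit the stream, which IP alone never checks.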

Example :

[Image: ip image 1]

IP spoofing is the most exciting topic you will hear wannabe hackers talking about. It is also a subject about which no one knows that much. Before we continue, I would like to tell you that IP spoofing is quite difficult to understand, and a lot of people have trouble understanding how it is done. The other downside is that it can almost not be done using a Windows system, and a system administrator can easily protect his system from IP spoofing. IP spoofing is a trick played on servers to fool the target computer into thinking that it is receiving data from a source other than you.

 

The 3 Main Categories of  IP Spoofing:

1. Email spoofing: Spoof emails can be a major problem for unsuspecting Internet users. Claiming to be sent by well-known companies, these emails ask consumers to reply with personal information, such as their credit card number, social security number or account password. These deceptive emails are called “Spoof Emails” because they fake the appearance of a popular Web site or company in an attempt to commit identity theft. Also known as “hoax” or “phishing” emails, this practice is occurring more and more frequently throughout the online world. In short, email spoofing means sending an unofficial email that appears to come from someone else.

Example 1 :

[Image: scr1Step1_318x2761]

How to Spot a Spoof E-mail :

A. Sender’s Email Address:
Spoof email may include a forged email address in the “From” line – Some may actually be real email addresses that have been forged. (From: billing@ebay.com; From: eBayAcctMaintenance@eBay.com; From: support@ebay.com).

B. Email Greeting:
Many Spoof emails will begin with a general greeting such as “Welcome eBay User.”

C. Urgency:
Claims that eBay is updating its files or accounts – Don’t worry, it is highly unlikely that eBay will lose your account information.

D. Account Status Threat:
Most Spoof emails try to deceive you with the threat that your account is in jeopardy and you will not be able to buy or sell on eBay if you do not update it immediately.

E. Links in an Email:
While many emails have links included, just remember that these links can be forged too.

F. Requests Personal Information:
Requests that you enter sensitive personal information such as a User ID, password or bank account number by clicking on a link or completing a form within the email are a clear indicator of a Spoof email.

Example 2 :

[Image: scr2Step2_318x416]

[Image: scr3Step2_318x275]

How to Spot a Fake Website :

You can count on the fact that a Spoof email will take you to a fake Web site; the link shown in the email will not match up with the URL of the site it takes you to.

Example : 3

[Image: scr1Step3_318x276]

What to do About Spoofs:

The good news about Spoof emails is that you are in control – you can protect your personal financial information by ignoring the spoof altogether. You should never provide contact, sign-in or other sensitive personal information in an email.

Example : 4

[Image: scr1Step4_318x276]

The next post will be about the Domain Name system and how to Hack it…till then Keep Reading and Enjoy!!! 🙂 tc.

Cheers!

Ellahax..

Posted in: Hacking, Networking