1 Figure 3-13: Internet Protocol (IP) IP Addresses and Security IP address spoofing: Sending a...
Figure 3-13: Internet Protocol (IP)
IP Addresses and Security
  IP address spoofing: Sending a message with a false IP address (Figure 3-17)
    Gives sender anonymity so that attacker cannot be identified
    Can exploit trust between hosts if spoofed IP address is that of a host the victim host trusts
Figure 3-17: IP Address Spoofing
  1. Trust Relationship: Trusted Server 60.168.4.6 and Victim Server 60.168.47.47
  2. Attack Packet: Attacker’s Client PC 1.34.150.37, Spoofed Source IP Address 60.168.4.6
     Attacker’s Identity is Not Revealed
  3. Server Accepts Attack Packet
IP Addresses and Security
  LAND attack: send victim a packet with victim’s IP address in both source and destination address fields and the same port number for the source and destination (Figure 3-18).
    In 1997, many computers, switches, routers, and even printers crashed when they received such a packet.
Figure 3-18: LAND Attack Based on IP Address Spoofing
  Attacker: 1.34.150.37
  Packet: From: 60.168.47.47:23 To: 60.168.47.47:23
    Source and Destination IP Addresses are the Same
    Source and Destination Port Numbers are the Same
  Victim: 60.168.47.47, Port 23 Open; Crashes
Other IP Header Fields
  Protocol field: Identifies content of IP data field
    Firewalls need this information to know how to process the packet
  Time-to-Live field
    Each router decrements the TTL value by one
    Router decrementing TTL field to zero discards the packet
    Router also sends an error advisement message to the sender
    The packet containing this message reveals the sender’s IP address to the attacker
    Traceroute uses TTL to map the route to a host (Figure 3-19)
      Tracert on Windows machines
Figure 3-19: Tracert Program in Windows
  Header Length field and Options
    With no options, Header Length is 5
      Expressed in units of 32 bits
      So, 20 bytes
    Many options are dangerous
      So if Header Length is more than 5, be suspicious
      Some firms drop all packets with options
  Length Field
    Gives length of entire packet
    Maximum is 65,536 bytes
    Ping-of-Death attack sent IP packets with longer data fields
      Many systems crashed
Figure 3-20: Ping-of-Death Attack
  Attacker: 1.34.150.37
  IP Packet Containing ICMP Echo Message That is Illegally Long
  Victim: 60.168.47.47; Crashes
  Fragmentation
    Routers may fragment IP packets (really, packet data fields) en route
      All fragments have same Identification field value
      Fragment offset values allow fragments to be ordered
      More fragments is 0 in the last fragment
    Harms packet inspection: TCP header, etc. only in first packet in series
      Cannot filter on TCP header, etc. in subsequent packets
Figure 3-22: TCP Header is Only in the First Fragment of a Fragmented IP Packet
  1. Fragmented IP Packet (Attacker 1.34.150.37)
  2. First Fragment: IP Header
  3. TCP Header Only in First Fragment
  2. Second Fragment: IP Header, TCP Data Field
  4. TCP Data Field, No TCP Header
  5. Firewall 60.168.47.47 Can Only Filter TCP Header in First Fragment
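Added example (not part of the original slides): a header-only inspection routine that applies the checks described above, namely Header Length above 5, fragment detection, the missing TCP header in later fragments, and the LAND pattern of Figure 3-18. The function names, finding labels and sample packets are constructed for illustration.

```python
import socket
import struct

IP_FMT = "!BBHHHBBH4s4s"   # the fixed 20-byte IPv4 header

def sample_packet(src, dst, sport, dport, ihl=5, frag_off=0, mf=0):
    """Constructed test input: IPv4 header (checksum left at 0) carrying TCP.
    Only offset-0 fragments carry the TCP ports, as in Figure 3-22."""
    options = b"\x01" * ((ihl - 5) * 4)               # No-Operation options
    data = struct.pack("!HH", sport, dport) if frag_off == 0 else b"DATA"
    header = struct.pack(IP_FMT, (4 << 4) | ihl, 0, ihl * 4 + len(data),
                         0x1234, (mf << 13) | frag_off, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + options + data

def inspect(packet):
    """Return the findings a packet filter could raise from the header alone."""
    if len(packet) < 20:
        return ["malformed"]
    ver_ihl, _, _, _, flags_frag, _, proto, _, src, dst = struct.unpack(
        IP_FMT, packet[:20])
    ihl = ver_ihl & 0x0F                  # Header Length, in 32-bit words
    frag_off = flags_frag & 0x1FFF        # Fragment offset, in 8-byte units
    more_frags = (flags_frag >> 13) & 1   # More Fragments flag
    if ihl < 5 or len(packet) < ihl * 4:
        return ["malformed"]
    findings = []
    if ihl > 5:
        findings.append("options-present")
    if frag_off or more_frags:
        findings.append("fragment")
    if proto == 6:                        # Protocol field: 6 = TCP
        if frag_off:
            findings.append("no-tcp-header")   # ports cannot be filtered
        elif len(packet) >= ihl * 4 + 4:
            sport, dport = struct.unpack("!HH", packet[ihl * 4:ihl * 4 + 4])
            if src == dst and sport == dport:
                findings.append("land")
    return findings

# Constructed samples using the addresses from the figures
LAND = sample_packet("60.168.47.47", "60.168.47.47", 23, 23)   # Figure 3-18
NORMAL = sample_packet("1.34.150.37", "60.168.47.47", 40000, 23)
LATER_FRAGMENT = sample_packet("1.34.150.37", "60.168.47.47", 0, 0, frag_off=3)
```

A filter that drops on "options-present" or "fragment" matches the policies the slides attribute to some firms and firewalls.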
    Teardrop attack: Crafted fragmented packet does not make sense when reassembled
    Some firewalls drop all fragmented packets, which are rare today
Figure 3-21: Teardrop Denial-of-Service Attack
  Attacker: 1.34.150.37
  Attack Pretends to be Fragmented IP Packet
  When Reassembled, “Packet” does not Make Sense: Gaps and Overlaps
  “Defragmented” IP Packet: Gap, Overlap
  Victim: 60.168.47.47; Crashes
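Added example (not part of the original slides): a reassembly sanity check that reports the gaps and overlaps of Figure 3-21 before any data is copied, and also flags a fragment set whose reassembled size exceeds what the 16-bit Length field can express, which is how an oversized packet like the Ping-of-Death one arrives. The function name, finding strings and sample fragment sets are constructed for illustration.

```python
def check_fragments(frags, header_len=20):
    """frags: (offset, data_len, more_fragments) tuples for one Identification
    value; offset is in 8-byte units, as in the IP header.
    Returns findings; an empty list means the data field reassembles cleanly."""
    spans = sorted((off * 8, off * 8 + length, mf) for off, length, mf in frags)
    lasts = [s for s in spans if not s[2]]
    findings = []
    if len(lasts) != 1:
        findings.append("last-fragment: expected exactly one with More Fragments = 0")
    expected = 0                              # next byte still needed
    for start, end, mf in spans:
        if start > expected:
            findings.append(f"gap: bytes {expected}-{start - 1} missing")
        elif start < expected:
            findings.append(
                f"overlap: bytes {start}-{min(end, expected) - 1} sent twice")
        if mf and (end - start) % 8:
            findings.append(
                f"length: fragment at byte {start} is not a multiple of 8")
        expected = max(expected, end)
    if len(lasts) == 1 and lasts[0][1] != expected:
        findings.append("last-fragment: data continues past the final fragment")
    if header_len + expected > 0xFFFF:        # 16-bit Length field limit
        findings.append("oversize: reassembled packet exceeds the Length field")
    return findings

# Constructed sample fragment sets
CLEAN = [(0, 16, 1), (2, 16, 1), (4, 10, 0)]
CRAFTED = [(0, 24, 1), (2, 16, 1), (6, 8, 0)]      # overlap, then gap
OVERSIZE = [(0, 8, 1), (8190, 100, 0)]             # ends past the Length limit
```

Rejecting the whole set on any finding avoids handing inconsistent offsets to the reassembly code.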
Figure 3-24: IP Packet with a TCP Segment Data Field
  IP Header (Usually 20 Bytes)
  Bit 0 ... Bit 31
  Source Port Number (16 bits) | Destination Port Number (16 bits)
  Sequence Number (32 bits)
  Acknowledgment Number (32 bits)
  Header Length (4 bits) | Reserved (6 bits) | Flag Fields (6 bits) | Window Size (16 bits)
  TCP Checksum (16 bits) | Urgent Pointer (16 bits)