Visvesvaraya Technological University Belagavi, Karnataka-590 014
A
SEMINAR REPORT
ON
IP SPOOFING ATTACK
Submitted in partial fulfillment of the requirement for the award of the Degree of
BACHELOR OF ENGINEERING
in
COMPUTER SCIENCE AND ENGINEERING
by
KUMAR SOURAV
USN : 1JS11CS045
CERTIFICATE
This is to certify that Mr. KUMAR SOURAV with USN 1JS11CS045, VIII semester B.E. in
Computer Science and Engineering has presented and successfully completed the seminar titled
IP SPOOFING ATTACK in the presence of the undersigned examiners for the partial
fulfillment of the award of Bachelor of Engineering Degree under VTU, Belagavi, for the
academic year 2014-2015.
Co-ordinators
Dr. D. V. Ashoka
Professor & Head,
Dept. of CSE, JSSATE, Bengaluru
ACKNOWLEDGEMENT
The satisfaction and euphoria that accompany the successful completion of any task would
be incomplete without the mention of people who made it possible whose constant guidance
and encouragement crowned our effort with success.
I consider myself proud to be a part of JSSATE family, the institution that stood by my way
in all my endeavours.
I am grateful to our principal, Dr. Mrityunjaya V. Latte, for providing us an opportunity to
carry out the seminar in his prestigious institution.
Guidance and deadlines played a very important role in successful completion of the seminar
report on time. I convey our gratitude to Dr. D.V. Ashoka, Prof. and HOD, Department of
Computer Science and Engineering for having constantly monitored the completion of the
seminar report and setting up precise deadlines.
I thank our panel members
support, guidance, specifications and ideas without which the seminar report would have
been incomplete.
Finally a note of thanks to Department of Computer Science and Engineering, both
teaching and non-teaching staff for their cooperation extended to us.
ABSTRACT
IP spoofing is a method of attacking a network in order to gain unauthorized access. The
attack is based on the fact that Internet communication between distant computers is
routinely handled by routers which find the best route by examining the destination address,
but generally ignore the origination address. The origination address is only used by the
destination machine when it responds back to the source. In a spoofing attack, the intruder
sends messages to a computer indicating that the message has come from a trusted system.
To be successful, the intruder must first determine the IP address of a trusted system, and
then modify the packet headers so that it appears that the packets are coming from the trusted
system.
In essence, the attacker is fooling (spoofing) the distant computer into believing that they are
a legitimate member of the network. The goal of the attack is to establish a connection that
will allow the attacker to gain root access to the host, allowing the creation of a backdoor
entry path into the target system.
CONTENTS
1. Introduction
3. Spoofing Attacks
6. Applications of IP Spoofing
6.3 NAT
6.4 IP Masquerade
7. Conclusion
8. References
1. INTRODUCTION
Criminals have long employed the tactic of masking their true identity, from disguises to
aliases to caller-id blocking. It should come as no surprise then, that criminals who conduct
their nefarious activities on networks and computers should employ such techniques. IP
spoofing is one of the most common forms of on-line camouflage. In IP spoofing, an
attacker gains unauthorized access to a computer or a network by making it appear that a
malicious message has come from a trusted machine by spoofing the IP address of that
machine. In the subsequent pages of this report, we will examine the concepts of IP
spoofing: why it is possible, how it works, what it is used for and how to defend against it.
1.1
The concept of IP spoofing was initially discussed in academic circles in the 1980s.
In the April 1989 article entitled "Security Problems in the TCP/IP Protocol Suite", author
S. M. Bellovin of AT&T Bell Labs was among the first to identify IP spoofing as a real risk to
computer networks. Bellovin describes how Robert Morris, creator of the now infamous
Internet Worm, figured out how TCP created sequence numbers and forged a TCP packet
sequence. This TCP packet included the destination address of his victim and, using an IP
spoofing attack, Morris was able to obtain root access to his targeted system without a User ID
or password. Another infamous attack, Kevin Mitnick's Christmas Day crack of Tsutomu
Shimomura's machine, employed the IP spoofing and TCP sequence prediction techniques.
While the popularity of such cracks has decreased due to the demise of the services they
exploited, spoofing can still be used and needs to be addressed by all security administrators.
A common misconception is that "IP spoofing" can be used to hide your IP address while
surfing the Internet, chatting on-line, sending e-mail, and so forth. This is generally not true.
Forging the source IP address causes the responses to be misdirected, meaning you cannot
create a normal network connection. However, IP spoofing is an integral part of many
network attacks that do not need to see responses (blind spoofing).
2
IP
The Internet Protocol (or IP, as it is generally known) is the network layer of the Internet. IP
provides a connection-less service. The job of IP is to route and send a packet to the packet's
destination. IP provides no guarantee whatsoever for the packets it tries to deliver. The IP
packets are usually termed datagrams. The datagrams go through a series of routers before
they reach the destination. At each node that the datagram passes through, the node
determines the next hop for the datagram and routes it to the next hop. Since the network
is dynamic, it is possible that two datagrams from the same source take different paths to
make it to the destination. Since the network has variable delays, it is not guaranteed that the
datagrams will be received in sequence. IP only tries for a best-effort delivery. It does not
take care of lost packets; this is left to the higher layer protocols. There is no state maintained
between two datagrams; in other words, IP is connection-less.
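The per-hop forwarding decision described above consults only the destination address, which is why a forged source address goes unnoticed. The following added example (not part of the original report) contrasts that plain decision with a strict reverse-path check on the source; the routing table, interface names and sample headers are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumed routing table for one router: (destination prefix, interface).
ROUTES = [
    (ipaddress.ip_network("192.168.10.0/24"), "lan0"),  # trusted internal network
    (ipaddress.ip_network("0.0.0.0/0"), "wan0"),        # everything else
]

def sample_header(src: str, dst: str) -> bytes:
    """Constructed 20-byte IPv4 header, in-memory test data only (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

def parse_addresses(packet: bytes):
    """Return (source, destination) read from a raw IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or (packet[0] & 0x0F) < 5:
        raise ValueError("not a complete IPv4 header")
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return ipaddress.ip_address(src), ipaddress.ip_address(dst)

def route_lookup(addr) -> str:
    """Longest-prefix match, as a router does for the destination address."""
    matches = [(net, ifc) for net, ifc in ROUTES if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def forward_plain(packet: bytes, in_ifc: str) -> str:
    """Plain IP forwarding: the source and arrival interface are never consulted."""
    _, dst = parse_addresses(packet)
    return route_lookup(dst)

def forward_checked(packet: bytes, in_ifc: str):
    """Forwarding with a strict reverse-path check on the source address.

    Returns the outgoing interface, or None when the claimed source would
    not be reached through the interface the packet arrived on.
    """
    src, dst = parse_addresses(packet)
    if route_lookup(src) != in_ifc:
        return None  # source claims to live behind a different interface: drop
    return route_lookup(dst)
```

A header that claims a trusted internal source but arrives on `wan0` is delivered by `forward_plain` and dropped by `forward_checked`; the same check also stops an internal host from emitting datagrams with an outside source address.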