WHAT YOU SEE IS NOT WHAT YOU SEE

KALLOL CHAKMA
MCE-04505189

DEBARGHYA KUNDU SETU

MCE-04505187

MD. HEDAYET HOSSAIN

MCE-04505191

Spoofing is the action of making something look like something that it is not in order to gain unauthorized access to a user's private information. The term spoofing is also sometimes used to refer to header forgery.

The context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.

IP address spoofing Caller ID spoofing MAC spoofing DNS spoofing SMS spoofing

Email spoofing Website spoofing ARP spoofing Protocol spoofing Login spoofing

IP address spoofing or IP spoofing refers to the creation of Internet Protocol packets with a forged source IP address, called spoofing, with the purpose of concealing the identity of the sender or impersonating another computing system.

Email spoofing may occur in different forms, but all have a similar result: a user receives email that appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information

Caller ID spoofing is the practice of causing the telephone network to display a number on the recipient's Caller ID Display that is not that of the actual originating station.

Web spoofing is a kind of electronic con game in which the attacker creates a convincing but false copy of the entire World Wide Web. The false Web looks just like the real one: it has all the same pages and links. However, the attacker controls the false Web, so that all network traffic between the victims browser and the Web goes through the attacker.

The MAC address of the network card is a unique identifier assigned to each Ethernet card. Network administrators can locally find the MAC address of a machine by either sniffing traffic from the wire or by downloading ARP tables from routers. Therefore, hackers on internal networks (such as corporations or universities) will often try to hide their MAC address.

ARP spoofing is a computer hacking technique whereby an attacker sends fake or spoofed ADDRESS RESOLUTION PROTOCOL messages onto a Local Area Network. Generally, the aim is to associate the attacker's MAC Address with the IP Address of another host (such as the default gateway), causing any traffic meant for that IP address to be sent to the attacker instead.

DNS spoofing (or DNS cache poisoning) is a computer hacking attack, whereby data is introduced into a Domain Name System (DNS) name servers cache database, causing the name server to return an incorrect IP Address ,diverting traffic to another computer (often the attacker's)

Protocol spoofing is used in data communications to improve performance in situations where an existing protocol is inadequate, for example due to long delays or high error rates.

SMS spoofing is a relatively new technology which uses the (SMS), available on most mobile phones and personal digital assistants, to set who the message appears to come from by replacing the originating mobile number (Sender ID) with alphanumeric text.

Login spoofing are techniques used to steal a user's password. The user is presented with an ordinary looking login prompt for username and password, which is actually a malicious program, usually called a Trojan Horse under the control of the attacker. When the username and password are entered, this information is logged or in some way passed along to the attacker, breaching security.

IP spoofing is a technique used to gain unauthorized access to computers, where by the attacker sends messages to a computer with a forging IP address indicating that the message is coming from a trusted host. Attacker puts an internal, or trusted, IP address as its source. The access control device sees the IP address as trusted and lets it through.

Uses for IP spoofing include the following: IP spoofing is usually limited to the injection of malicious data or commands into an existing stream of data. A hacker changes the routing tables to point to the spoofed IP address, then the hacker can receive all the network packets that are addressed to the spoofed address and reply just as any trusted user can.

Basic Concept of IP Spoofing

A
10.10.10.1

www.carleton.ca
134.117.1.60

http://www.carleton.ca

10.10.10.1 134.117.1.60 Src_IP dst_IP

Any (>1024) Src_port

80 dst_port

spoofed
11.11.11.1 134.117.1.60 Src_IP dst_IP Any (>1024) Src_port 80 dst_port

sender partner

Oh, my partner sent me a packet. Ill process this.

victim

Man-in-the-Middle attack

In a Man-in-the-Middle attack, the message sent to a recipient is intercepted by a third-party which manipulates the packets and resends it own message.

Denial of Service (DoS) Attack

A DoS attack is when a attacker floods a system with more packets than its resources can handle.

If you monitor packets using network-monitoring software such as netlog, look for a packet on your external interface that has both its source and destination IP addresses in your local domain. If you find one, you are currently under attack.

Monitoring packets using network monitoring software. Installing a filtering router because Packet filtering is one defense against IP spoofing attacks It is also recommended to design network protocols and services so that they do not rely on the IP source address for authentication.

To prevent IP spoofing happen in your network, the following are some common practices:
1- Avoid using the source address authentication. Implement cryptographic authentication system-wide.

2- Configuring your network to reject packets from the Net that claim to originate from a local address.
If you allow outside connections from trusted hosts, enable encryption sessions at the router.

Email spoofing is email activity in which the sender address and other parts of the email header are altered to appear as though the email originated from a different source. Because core SMTP doesn't provide any authentication, it is easy to impersonate and forge emails. Altering the header of an email so that the email appears to be sent from someone else. Although there are legitimate uses, these techniques are also commonly used in spam and phishing emails to hide the origin of the email message.

Really?

Check the content of the email:

Is the content weird in some way, or really unexpected

from the sender? Does it contain a form? Does it request to either confirm or update login or any kind of information?

Check the header of the email

 Mail

Server Authentication Digitally Signed Email with Desktop Verification Digitally Signed Email with Gateway Verification Mail Server IP Verification