Security Flaws in IP
• The IP addresses are filled in by the originating host
  Address spoofing
• Using source address for authentication
  r-utilities (rlogin, rsh, rhosts etc.)
[Diagram: hosts A (1.1.1.1), B (1.1.1.2), S (1.1.1.3) and C (2.1.1.1), with the Internet]
• Can A claim it is B to the server S?
  ARP Spoofing
• Can C claim it is B to the server S?
  Source Routing
15-411: F08 security

Smurf Attack
[Diagram: Attacking System, Internet, Broadcast Enabled Network, Victim System]

ICMP Attacks
• No authentication
• ICMP redirect message
  Can cause the host to switch gateways
  Benefit of doing this?
    ▪ Man in the middle attack, sniffing
• ICMP destination unreachable
  Can cause the host to drop connection
• ICMP echo request/reply
• Many more…
  http://www.sans.org/rr/whitepapers/threats/477.php

Routing attacks
• Divert traffic to malicious nodes
  Black-hole
  Eavesdropping
• How to implement routing attacks?
  Distance-Vector: Announce low-cost routes
  Link-state: Dropping links from topology
• BGP vulnerabilities
  Prefix-hijacking
  Path alteration
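
Added example, not part of the original slides: a sketch of route origin validation (the RFC 6811 valid / invalid / not-found decision) as a check against the prefix-hijacking item above. The ROA table, prefixes, AS numbers and function names are constructed for illustration, using documentation address ranges and documentation AS numbers.

```python
import ipaddress

# Constructed ROA table: (prefix, max prefix length, authorised origin AS).
ROAS = [
    ("192.0.2.0/24", 24, 64496),
    ("2001:db8::/32", 48, 64497),
]

# Constructed announcements: (prefix, AS path). The origin AS is the last hop.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64500, 64496]),     # authorised origin
    ("192.0.2.0/24", [64500, 64511]),     # same prefix, wrong origin
    ("192.0.2.128/25", [64500, 64496]),   # more specific than max length allows
    ("2001:db8:1::/48", [64501, 64497]),  # sub-prefix within max length
    ("198.51.100.0/24", [64500, 64499]),  # no covering ROA
]


def validate_origin(prefix, origin_as, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # subnet_of() raises TypeError on mixed IPv4/IPv6, so test version first.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        if route.prefixlen <= max_len and origin_as == roa_as:
            return "valid"
    # Covered by a ROA but matching none of them: treat as a hijack candidate.
    return "invalid" if covered else "not-found"


def flag_hijacks(announcements, roas=ROAS):
    """Return the announcements whose origin validation state is 'invalid'."""
    return [(prefix, path) for prefix, path in announcements
            if validate_origin(prefix, path[-1], roas) == "invalid"]


if __name__ == "__main__":
    for prefix, path in ANNOUNCEMENTS:
        print(prefix, path, validate_origin(prefix, path[-1]))
```

Origin validation looks only at the last AS in the path, so a path alteration that keeps the legitimate origin passes this check.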