anti IP spoofing technique
MATSUZAKI ‘maz’ Yoshinobu <[email protected]>
Copyright (C) 2006 Internet Initiative Japan Inc.

ip spoofing
creation of IP packets with source addresses other than those assigned to that host

Malicious uses with IP spoofing
• impersonation
  – session hijack or reset
• hiding
  – flooding attack
• reflection
  – ip reflected attack

impersonation
[diagram: sender sends an ip spoofed packet, src: partner, dst: victim]
victim: Oh, my partner sent me a packet. I'll process this.

hiding
[diagram: sender sends ip spoofed packets, src: random, dst: victim]
victim: Oops, many packets are coming. But, who is the real source?

reflection
[diagram: sender sends an ip spoofed packet, src: victim, dst: reflector; the reflector returns a reply packet, src: reflector, dst: victim]
victim: Oops, a lot of replies without any request…

ip reflected attacks
• smurf attacks
  – icmp echo (ping)
  – ip spoofing (reflection)
  – directed-broadcast amplification
• dns amplification attacks
  – dns query
  – ip spoofing (reflection)
  – DNS amplification

amplification
1. multiple replies
2. bigger reply
[diagram: one request from the Sender produces many replies (1), or one reply much larger than the request (2)]

directed-broadcast amplification
[diagram: Sender sends one icmp echo request to a directed-broadcast address; every host on that subnet returns an icmp echo reply]

DNS amplification
[diagram: Sender sends the query "ANY ?xxx.example.com" to a DNS server; the answer "xxx.example.com IN TXT XXXXXXXXXXXXXXXX…" is many times larger than the query]
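The reflection and amplification slides describe two things a victim's network can actually observe: replies arriving for queries nobody sent, and replies that are far larger than the queries that produced them. The following is an added example, not code from the slides; the flow records, field names and addresses are constructed for the demonstration, and the "qr" field stands in for the QR bit of the DNS header.

```python
"""Spot reflected and amplified DNS traffic in flow records.

Added example, not from the slide deck. The flow records below are
constructed; the Flow field names are assumptions. Two signals from
the slides are checked:
  - replies delivered to a host that never sent the matching query
    ("a lot of replies without any request"), and
  - the amplification factor: reply bytes per query byte, per server
    ("bigger reply").
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    sport: int
    dport: int
    nbytes: int
    qr: int  # 0 = DNS query, 1 = DNS response (the QR bit of the DNS header)


# Constructed sample: 10.0.0.5 sent one query and got one answer;
# 192.0.2.9 receives answers from three servers it never queried,
# which is exactly what a reflection victim sees.
FLOWS = [
    Flow("10.0.0.5", "198.51.100.1", 40000, 53, 60, 0),
    Flow("198.51.100.1", "10.0.0.5", 53, 40000, 120, 1),
    Flow("198.51.100.1", "192.0.2.9", 53, 5000, 3000, 1),
    Flow("198.51.100.2", "192.0.2.9", 53, 5000, 3000, 1),
    Flow("198.51.100.3", "192.0.2.9", 53, 5000, 3000, 1),
]


def _query_keys(flows):
    """Map (client, client port, server) -> query size for every DNS query seen."""
    keys = {}
    for f in flows:
        if f.qr == 0 and f.dport == 53:
            keys[(f.src, f.sport, f.dst)] = f.nbytes
    return keys


def unsolicited_replies(flows):
    """Return {host: count} of DNS replies whose query that host never sent."""
    queries = _query_keys(flows)
    counts = defaultdict(int)
    for f in flows:
        if f.qr == 1 and f.sport == 53:
            # A genuine reply mirrors the query's client address and port.
            if (f.dst, f.dport, f.src) not in queries:
                counts[f.dst] += 1
    return dict(counts)


def observed_amplification(flows):
    """Return {server: reply bytes / query bytes} over matched query/reply pairs."""
    queries = _query_keys(flows)
    totals = defaultdict(lambda: [0, 0])  # server -> [reply bytes, query bytes]
    for f in flows:
        key = (f.dst, f.dport, f.src)
        if f.qr == 1 and f.sport == 53 and key in queries:
            totals[f.src][0] += f.nbytes
            totals[f.src][1] += queries[key]
    return {srv: r / q for srv, (r, q) in totals.items()}


if __name__ == "__main__":
    print("unsolicited replies:", unsolicited_replies(FLOWS))
    print("amplification per server:", observed_amplification(FLOWS))
```

The victim of a reflection never sees the spoofed queries, so at the victim's edge the unsolicited-reply count is the signal; the amplification ratio is only measurable where both directions are visible, typically in front of the server being used as a reflector.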
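Every attack on these slides depends on a packet leaving some network with a source address that network never assigned. The standard countermeasure is ingress filtering (BCP 38): a packet arriving on a customer-facing link is forwarded only if its source address lies in a prefix assigned to that link. The block below is an added example, not from the slides; the interface names, prefix assignments and packets are constructed.

```python
"""Source-address validation on customer links (BCP 38 ingress filtering).

Added example, not from the slide deck. Interface names, prefixes and
packets are constructed. Rule: a packet entering on a customer link must
carry a source address from a prefix assigned to that link, otherwise it
is dropped as spoofed. Routers implement the same check as uRPF.
"""
import ipaddress

# Constructed assignment table: prefixes each customer port may use as source.
ASSIGNED = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/24")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/25"),
               ipaddress.ip_network("2001:db8:1::/48")],
}


def ingress_permitted(iface, src):
    """True if src falls inside a prefix assigned to iface."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # malformed source address: drop
    # Loopback, multicast, unspecified and link-local sources are never
    # valid on a customer link, whatever the assignment table says.
    if (addr.is_loopback or addr.is_multicast
            or addr.is_unspecified or addr.is_link_local):
        return False
    # Address-family mismatches (IPv4 address vs IPv6 prefix) evaluate False.
    return any(addr in net for net in ASSIGNED.get(iface, []))


def filter_packets(packets):
    """Split (iface, src, dst) tuples into (forwarded, dropped) lists."""
    forwarded, dropped = [], []
    for pkt in packets:
        iface, src, _dst = pkt
        (forwarded if ingress_permitted(iface, src) else dropped).append(pkt)
    return forwarded, dropped


# Constructed traffic: two legitimate packets and four that must be dropped.
PACKETS = [
    ("cust-a", "192.0.2.10", "203.0.113.1"),       # legitimate
    ("cust-a", "203.0.113.7", "198.51.100.5"),     # spoofed: not cust-a's prefix
    ("cust-b", "2001:db8:1::5", "2001:db8:2::1"),  # legitimate (IPv6)
    ("cust-b", "198.51.100.200", "192.0.2.1"),     # outside the assigned /25
    ("cust-a", "127.0.0.1", "192.0.2.1"),          # loopback source
    ("cust-c", "10.0.0.1", "192.0.2.1"),           # port with nothing assigned
]

if __name__ == "__main__":
    fwd, drp = filter_packets(PACKETS)
    print("forwarded:", fwd)
    print("dropped:", drp)
```

Applied at the edge where customers attach, this check stops the impersonation, hiding and reflection cases alike, because the spoofed packet never leaves the network it originated from; it does nothing for the victim once spoofed traffic is already on the Internet, which is why it has to be deployed by the originating networks.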