IT Baseline Protection Manual - The Information Warfare Site
19.12.2012 Views
Share Embed Flag

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
iwar.org.uk

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

START NOW

Threats Catalogue Deliberate Acts Remarks<br />

____________________________________________________________________ .........................................<br />

T 5.48 IP Spoofing<br />

IP spoofing is a method of infiltration in which incorrect IP numbers are used<br />

to act out a false identity to the IP system being attacked.<br />

Within many protocols of the TCP/IP family, authentication of the <strong>IT</strong> systems<br />

communicating with each other takes place only via the IP address which is<br />

easily falsified. If one also exploits the fact that the sequence numbers used by<br />

computers for synchronisation when making a TCP/IP connection are easy to<br />

guess, it is possible to send packets using any sender address at all. Thus,<br />

appropriately configured services such as rlogin can be used. In this case,<br />

however, an invader must possibly take into account the fact that he will not<br />

receive an answer packet from the computer which is being used improperly.<br />

Additional services which are threatened by IP spoofing are rsh, rexec, X-<br />

Windows, RPC-based services such as NPS and TCP-Wrapper which is<br />

otherwise a very worthwhile service for setting up access monitoring for<br />

TCP/IP networked systems. Unfortunately, the addresses used in level 2 of the<br />

OSI model such as Ethernet or hardware addresses are also easy to falsify and<br />

therefore provide no reliable basis for authentication.<br />

In LAN’s in which the Address Resolution Protocol (ARP) is used, many<br />

more effective spoofing attacks are possible. ARP is used to find the 48 bit<br />

hardware or Ethernet address belonging to a 32 bit IP address. If a<br />

corresponding entry is not found in an internal table in the computer, an ARP<br />

broadcast packet is transmitted with the unknown IP number. <strong>The</strong> computer<br />

with this IP number then transmits an ARP answer packet back with its<br />

hardware address. As the ARP answer packets are not secure against<br />

manipulation, it is usually sufficient to gain control over one of the computers<br />

in the LAN in order to compromise the entire network.<br />

____________________________________________________________________ .........................................<br />

<strong>IT</strong>-<strong>Baseline</strong> <strong>Protection</strong> <strong>Manual</strong>: Oktober 2000

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!