MODULE 1
IP SPOOFING AND PROXY BOUNCING.
What is an IP Address?
An Internet Protocol address (IP address) is a numerical representation that uniquely identifies a
specific device connected to a computer network that uses the Internet Protocol for
communication.
Every computer connected to a network has an IP address, by which other systems or machines
recognize it and connect to it.
IPv4 addresses consist of four numbers separated by periods (also called a 'dotted-quad') and look
something like 127.0.0.1.
In a hacker's simple words, an IP address is like a real residence address with flat no., building
no., and area.
There are two types of IP addresses in use in the real world.
1. IPv4.
2. IPv6.
IPv4 addresses are 32 bits long, which allows for a maximum of 4,294,967,296 (2^32) unique addresses.
IPv6 addresses are 128 bits long, which allows for 3.4 x 10^38 (2^128) unique addresses.
IP addresses are binary numbers; however, they are typically expressed in decimal form (IPv4) or
hexadecimal form (IPv6). This makes reading and using them easier for humans.
The role of an IP address?
An IP address is required for creating and transmitting data packets, or datagrams,
across networks. IP is part of the internet layer of the Internet protocol suite.
In the OSI model, IP is considered part of the network layer.
DIAGRAM OF IP ADDRESS
What is IP Spoofing?
In computer networking, IP address spoofing or IP spoofing is the creation of IP packets with
a false source IP address.
IP spoofing is a technique often used by hackers to launch distributed denial-of-service (DDoS)
attacks and man-in-the-middle (MITM) attacks against targeted devices or the surrounding
infrastructures. The goal of the DDoS attack is to overwhelm a target with traffic while hiding
the identity of the malicious source, preventing mitigation efforts.
Using spoofed IP addresses can give attackers the ability to:
• Avoid being discovered and implicated by the authorities as well as forensic cyber
investigators.
• Prevent targeted devices from alerting about attacks in which they are unwitting and
unwilling participants.
• Bypass security scripts, devices and services that attempt to mitigate DDoS attacks by
blacklisting IP addresses known to be sources of malicious traffic.
How does IP Spoofing work?
In IP spoofing, the attacker modifies the source address in the outgoing packet's header, so that
the destination computer treats the packet as if it is coming from a trusted source.
How to prevent IP spoofing?
Organizations can take the following measures to stop IP spoofing and spoofed packets:
• Monitoring networks to identify unknown packets.
• Deploying packet filtering systems capable of detecting inconsistencies, such as
outgoing packets with source IP addresses that don’t match those on the company’s
network.
• Using robust verification methods for all remote access, including for systems on the
enterprise intranet, to prevent accepting spoofed packets from an attacker who has
already breached another system on the enterprise network.
• Authenticating the IP addresses of inbound IP packets.
• Using a network attack blocker.
• Using firewalls, which are an important tool for blocking spoofed IP packets.
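The packet-filtering check from the list above, as an added example that is not part of the original module: it reads the source address from raw IPv4 headers and applies egress and ingress rules at a network border. The site prefix 203.0.113.0/24, the reserved-range list and the sample headers are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumed policy for this example: the company's own network, plus reserved
# ranges that should never appear as a source on the Internet-facing side.
SITE = [ipaddress.ip_network("203.0.113.0/24")]
RESERVED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")]

def parse_addresses(header: bytes):
    """Return (source, destination) from a raw IPv4 header."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    if header[0] >> 4 != 4 or header[0] & 0x0F < 5:
        raise ValueError("not a valid IPv4 header")
    # Source is bytes 12-15 and destination bytes 16-19. Nothing in the
    # header authenticates the source: it is whatever the sender wrote.
    src, dst = struct.unpack("!4s4s", header[12:20])
    return ipaddress.ip_address(src), ipaddress.ip_address(dst)

def check_packet(header: bytes, direction: str) -> str:
    """Classify a packet at the border; direction is 'egress' or 'ingress'."""
    if direction not in ("egress", "ingress"):
        raise ValueError("direction must be 'egress' or 'ingress'")
    src, _dst = parse_addresses(header)
    internal = any(src in net for net in SITE)
    if direction == "egress":
        # Outgoing packets must carry one of the site's own addresses.
        return "pass" if internal else "drop: foreign source on egress"
    if internal:
        return "drop: internal source arriving from outside"
    if any(src in net for net in RESERVED):
        return "drop: reserved source"
    return "pass"

# Constructed sample headers (hex). The checksum field is left as zero and
# is not verified here, because a valid checksum says nothing about the source.
HEAD = "450000140000000040060000"
SAMPLES = [
    ("egress", "cb00710ac6336407"),   # 203.0.113.10 -> 198.51.100.7
    ("egress", "c0000237c6336407"),   # 192.0.2.55   -> 198.51.100.7
    ("ingress", "cb007114cb00710a"),  # 203.0.113.20 -> 203.0.113.10
    ("ingress", "0a010203cb00710a"),  # 10.1.2.3     -> 203.0.113.10
    ("ingress", "c6336407cb00710a"),  # 198.51.100.7 -> 203.0.113.10
]

def classify_samples():
    return [check_packet(bytes.fromhex(HEAD + t), d) for d, t in SAMPLES]
```

The same source address gives different verdicts depending on the direction in which the packet crosses the border, which is why the filter needs to know the interface a packet arrived on and not only its header.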
Types of Spoofing?
Spoofing can also be carried out at different layers. IP spoofing occurs at the network layer
(the 3rd layer) of the OSI model.
Spoofing of device media access control (MAC) addresses in the Address Resolution Protocol (ARP)
header occurs at the data link layer, in the Ethernet frames carrying that protocol.
Another type of spoofing is DNS (Domain Name System) spoofing. This type of attack exploits
DNS vulnerabilities and diverts internet traffic away from legitimate servers and towards fake
servers.
VIRTUAL PRIVATE NETWORK (VPN)
What is VPN?
VPN stands for Virtual Private Network. A VPN allows you to create a secure
connection to another network over the Internet. VPNs can be used to shield your browsing activity
from prying eyes on public Wi-Fi, access region-restricted websites, and more.
In layman's terms, a VPN connects your PC, smartphone, or tablet to another computer (called a
server) somewhere on the internet, and allows you to browse the internet using that
computer’s internet connection. If that server is in a different country, it will appear as if you
are coming from that country, and you can potentially access things that you couldn’t without
the VPN.
How does a VPN work?
The concept of VPN technology focuses on the inter-medium between private networks and
the public network. The intermediate device, be it software oriented, hardware oriented or a
combination of the two, acts on behalf of the private network that it protects. When a local
host sends data to a host in a remote network, the data must first pass from the private
network through the protecting gateway device, travel through the public network, and then
pass through the gateway device that is protecting the destination host in the remote network.
VPN protects the data by automatically encrypting it before it is sent from one private network
to another, encapsulating it into an IP packet, and then automatically decrypting the data at the
receiving end.
What is TOR and TOR Browser?
Tor is the easiest way to browse the web anonymously. Tor is short for The Onion Router.
Initially it was a worldwide network of servers developed with the U.S. Navy that enabled
people to browse the internet anonymously. Now, it's a non-profit organization whose main
purpose is the research and development of online privacy tools.
The Tor network disguises your identity by moving your traffic across different Tor servers, and
encrypting that traffic so it isn't traced back to you. Anyone who tried would see traffic coming
from random nodes on the Tor network, rather than your computer.
To access this network, you just need to download the Tor browser. Everything you do in the
browser goes through the Tor network.
Tor Browser is a web browser that anonymizes your web traffic using the Tor network, making
it easy to protect your identity online.
TOR BROWSER
What is a Proxy?
A web proxy works almost in the same way as a VPN. By connecting to the proxy server, all your
web traffic flows through the proxy server. Your IP address gets hidden by the proxy server’s IP
address.
But there are two major differences between proxy and VPN.
First, web proxies are typically unencrypted. Even if your IP address is masked by a proxy, the
traffic itself can still be tracked by ISPs and governments. Also, some websites may still be able
to see your real IP address using Flash or JavaScript.
Second, some browsers let you route only browser traffic. To use a web proxy, you go into your
web browser’s settings and manually input the proxy server’s IP address. This allows
applications and devices outside the web browser, like Skype, to still use your actual IP address.
How does a Proxy work?
A proxy server is basically a computer on the internet with its own IP address that your
computer knows. When you send a web request, your request goes to the proxy server first.
The proxy server then makes your web request on your behalf, collects the response from the
web server, and forwards you the web page data so you can see the page in your browser.