IP SPOOFING AND PROXY BOUNCING
1.1. WHAT IS AN IP ADDRESS?
An Internet Protocol address (IP address) is a numerical label that
uniquely identifies a specific device connected to a computer network that uses
the Internet Protocol for communication.
Every computer connected to a network has an IP address, by which it is
recognized and reached by other systems or machines.
IPv4 addresses consist of four numbers separated by periods (also called a
'dotted-quad') and look something like 127.0.0.1
In a hacker's simple words, an IP address is like a real residential address
with flat no., building no., and area.
There are two types of IP addresses in use in the real world.
IPv4 addresses are 32 bits long, which allows for a maximum of 4,294,967,296 (2^32) unique
IPv6 addresses are 128 bits long, which allows for 3.4 x 10^38 (2^128) unique addresses.
IP addresses are binary numbers; however, they are typically expressed in
decimal form (IPv4) or hexadecimal form (IPv6). This makes reading and
using them easier for humans.
1.2. THE ROLE OF IP ADDRESS?
An IP address is required for creating and transmitting data packets, or
datagrams, across networks. The IP address is part of the internet layer of the
Internet protocol suite. In the OSI model, IP is considered
part of the network layer.
1.3. DIAGRAM OF IP ADDRESS
1.4. WHAT IS IP SPOOFING?
In computer networking, IP address spoofing, or IP spoofing, is the creation of
IP packets with a false source IP address.
IP spoofing is a technique often used by hackers to launch distributed denial-
of-service (DDoS) attacks and man-in-the-middle (MITM) attacks against
targeted devices or the surrounding infrastructures. The goal of the DDoS
attack is to overwhelm a target with traffic while hiding the identity of the
malicious source, preventing mitigation efforts.
Using spoofed IP addresses can give attackers the ability to:
• Avoid being discovered and implicated by the authorities as well as
forensic cyber investigators.
• Prevent targeted devices from alerting about attacks in which they are
unwitting and unwilling participants.
• Bypass security scripts, devices and services that attempt to mitigate
DDoS attacks by blacklisting IP addresses known to be sources of
1.5. HOW IP SPOOFING WORKS?
In IP spoofing, the attacker modifies the source address in the outgoing packet's
header, so that the destination computer treats the packet as if it is coming from
a trusted source.
1.6. HOW TO PREVENT IP SPOOFING?
Measures organizations can take to stop IP spoofing or spoofed packets are:
• Monitoring networks to rectify unknown packets.
• Deploying packet-filtering systems capable of detecting
inconsistencies, such as outgoing packets with source IP addresses that
don't match those on the company's network.
• Using robust verification methods for all remote access, including for
systems on the enterprise intranet, to prevent accepting spoofed packets
from an attacker who has already breached another system on the
• Authenticating the IP addresses of inbound IP packets.
• Using a network attack blocker.
• Firewalls are an important tool for blocking spoofed IP packets.
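The packet-filtering measure above, as an added example that is not part of the original text: it decodes an IPv4 header and applies an egress check on the source address. The site prefix, the sample addresses (RFC 5737 documentation ranges) and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

# Assumed prefix of "the company's network" (constructed, RFC 5737 range).
SITE_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]
IPV4_FIXED = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header layout (RFC 791)


def checksum(header: bytes) -> int:
    """One's-complement sum over the header's 16-bit words (RFC 791)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def sample_header(src: str, dst: str) -> bytes:
    """Constructed 20-byte header, used only as input for the parser below."""
    fields = [0x45, 0, 20, 1, 0, 64, 6, 0,
              ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed]
    fields[7] = checksum(struct.pack(IPV4_FIXED, *fields))
    return struct.pack(IPV4_FIXED, *fields)


def parse_ipv4(header: bytes) -> dict:
    """Decode the fixed part of an IPv4 header and verify its checksum."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, _, ttl, proto, _, src, dst = struct.unpack(IPV4_FIXED, header[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(header) < ihl:
        raise ValueError("not a valid IPv4 header")
    return {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
            "ttl": ttl, "proto": proto,
            # A valid header sums to 0xFFFF, so the complement is 0.
            "checksum_ok": checksum(header[:ihl]) == 0}


def egress_verdict(header: bytes) -> str:
    """Outgoing packets must carry a source address inside the site prefixes."""
    pkt = parse_ipv4(header)
    if any(pkt["src"] in net for net in SITE_PREFIXES):
        return "forward"
    return f"drop: source {pkt['src']} is not on this network"
```

The header checksum is valid for both sample packets in the test, because it covers only transmission errors and does not authenticate the source field; the mismatch is caught only by comparing the source against the prefixes known to sit behind the filter.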
1.7. TYPES OF SPOOFING?
Spoofing can also be carried out at different layers. IP spoofing occurs at the
network layer of the OSI model (the 3rd layer).
Spoofing device media access control (MAC) addresses in the Address Resolution
Protocol (ARP) header occurs at the data link layer, in the Ethernet frames
carrying that protocol.
Another type of spoofing is DNS (Domain Name System) spoofing. This
type of attack exploits DNS vulnerabilities and diverts internet traffic away from
legitimate servers and towards fake servers.
1.8. VIRTUAL PRIVATE NETWORK (VPN)
1.8.1. What is VPN?
VPN stands for Virtual Private Network. A VPN
allows you to create a secure connection to another network over the Internet.
VPNs can be used to shield your browsing activity from prying eyes on public
Wi-Fi, access region-restricted websites, and more.
In layman's terms, a VPN connects your PC, smartphone, or tablet to another
computer (called a server) somewhere on the internet, and allows you to
browse the internet using that computer’s internet connection. If that server is
in a different country, it will appear as if you are coming from that country,
and you can potentially access things that you couldn’t without the VPN.
1.8.2. How does a VPN work?
The concept of VPN technology focuses on the intermediary between private
networks and the public network. The intermediate device, be it software
oriented, hardware oriented or a combination of the two, acts on behalf of the
private network that it protects. When a local host sends data to a host in a
remote network, the data must first pass from the private network through the
protecting gateway device, travel through the public network, and then pass
through the gateway device that is protecting the destination host in the remote
network. VPN protects the data by automatically encrypting it before it is sent
from one private network to another, encapsulating it into an IP packet, and
then automatically decrypting the data at the receiving end.
1.8.3. What is TOR and TOR Browser?
TOR is the easiest way to browse the web anonymously. TOR is short for The
Onion Router. Initially it was a worldwide network of servers developed with
the U.S. Navy that enabled people to browse the internet anonymously. Now,
it's a non-profit organization whose main purpose is the research and
development of online privacy tools.
The TOR network disguises your identity by moving your traffic across
different TOR servers, and encrypting that traffic so it isn't traced back to you.
Anyone who tried would see traffic coming from random nodes on the TOR
network, rather than your computer.
To access this network, you just need to download the TOR browser.
Everything you do in the browser goes through the TOR network.
TOR Browser is a web browser that anonymizes your web traffic using the
TOR network, making it easy to protect your identity online.
1.9. TOR BROWSER
1.9.1. What is a Proxy?
A web proxy works almost in the same way as a VPN. By connecting to the
proxy server, all your web traffic flows through the proxy server. Your IP
address gets hidden by the proxy server’s IP address.
But there are two major differences between proxy and VPN.
First, web proxies are typically unencrypted. Even if your IP address is masked
by a proxy, the traffic itself can still be tracked by ISPs and governments. Also,
some websites may still be able to see your real IP address using Flash or
Second, some browsers let you route only browser traffic. To use a web proxy,
you go into your web browser’s settings and manually input the proxy server’s
IP address. This allows applications and devices outside the web browser, like
Skype, to still use your actual IP address.
1.9.2. How does a Proxy work?
A proxy server is basically a computer on the internet with its own IP address
that your computer knows. When you send a web request, your request goes to
the proxy server first. The proxy server then makes your web request on your
behalf, collects the response from the web server, and forwards you the web
page data so you can see the page in your browser.