
General Security Concepts: Attacks • Chapter 2  69

                 checking done to verify that a packet really comes from the address indicated in
                 the IP header. When the protocols were being designed in the late 1960s, engineers
                 didn’t anticipate that anyone would or could use the protocol maliciously. In fact,
                 one engineer at the time described the system as flawless because “computers don’t
                 lie.” There are different types of IP spoofing attacks. These include blind spoofing
                 attacks in which the attacker can only send packets and has to make assumptions or
                 guesses about replies, and informed attacks in which the attacker can monitor, and
                 therefore participate in, bidirectional communications.
                    There are ways to combat spoofing, however. Stateful firewalls usually have
                 spoofing protection whereby they define which IPs are allowed to originate in
                 each of their interfaces. If a packet claims to be from a network specified as
                 belonging to a different interface, the packet is quickly dropped. This protects against
                 both blind and informed attacks. An easy way to defeat blind spoofing attacks is to
                 disable source routing in your network at your firewall, at your router, or both.
                 Source routing is, in short, a way to tell your packet to take the same path back
                 that it took while going forward. This information is contained in the packet’s IP
                 Options, and disabling this will prevent attackers from using it to get responses back
                 from their spoofed packets.
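
An added example, not from the book, of the two defenses described above: it parses a raw IPv4 header, drops packets carrying a source-route option, and drops packets whose source address belongs to a network assigned to a different interface. The interface names (including "outside"), the address ranges and the function names are assumptions made for illustration, and the sample headers are constructed.

```python
import ipaddress

# Assumed interface-to-network table (hypothetical names, constructed ranges).
INTERFACE_NETWORKS = {
    "inside": [ipaddress.ip_network("10.0.0.0/8")],
    "dmz": [ipaddress.ip_network("192.168.50.0/24")],
}
SOURCE_ROUTE_OPTIONS = {131: "LSRR", 137: "SSRR"}  # IPv4 option type values


def parse_ipv4(header):
    """Return (source address, list of option types) from a raw IPv4 header."""
    ihl = (header[0] & 0x0F) * 4 if header else 0
    if ihl < 20 or len(header) < ihl or header[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    src = ipaddress.ip_address(header[12:16])
    options, i = [], 20
    while i < ihl:
        opt = header[i]
        if opt == 0:          # End of Option List
            break
        if opt == 1:          # No-Operation, a single byte with no length field
            i += 1
            continue
        if i + 1 >= ihl or header[i + 1] < 2:
            raise ValueError("malformed IP option")
        options.append(opt)
        i += header[i + 1]    # skip over this option using its length byte
    return src, options


def check_packet(interface, header):
    """Apply both checks to a packet that arrived on `interface`."""
    src, options = parse_ipv4(header)
    for opt in options:
        if opt in SOURCE_ROUTE_OPTIONS:
            return f"drop: source routing ({SOURCE_ROUTE_OPTIONS[opt]})"
    for name, nets in INTERFACE_NETWORKS.items():
        if any(src in n for n in nets):
            return "accept" if name == interface else f"drop: {src} belongs to {name}"
    # Source is in no internal network: acceptable only on the assumed "outside" interface.
    return "accept" if interface == "outside" else f"drop: {src} not valid on {interface}"


def build_header(src, options=b""):
    """Construct a sample IPv4 header (all other fields zero, destination 10.1.1.5)."""
    options += b"\x00" * (-len(options) % 4)
    first = bytes([0x40 | (5 + len(options) // 4)])
    return first + bytes(11) + ipaddress.ip_address(src).packed + bytes([10, 1, 1, 5]) + options
```
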
                    Spoofing is not always malicious. Some network redundancy schemes rely on
                 automated spoofing in order to take over the identity of a downed server. This is
                 due to the fact that the networking technologies never accounted for the need for
                 one server to take over for another.
                    Technologies and methodologies exist that can help safeguard against spoofing
                 of these capability challenges. These include:

                      ■  Using firewalls to guard against unauthorized transmissions
                      ■  Not relying on security through obscurity, the expectation that using
                         undocumented protocols will protect you

                      ■  Using various cryptographic algorithms to provide differing levels of
                         authentication




                 TEST DAY TIP
                      Knowledge of TCP/IP is really helpful when dealing with spoofing and
                      sequence attacks. Having a good grasp of the fundamentals of TCP/IP
                      will make the attacks seem less abstract. Additionally, knowledge of not
                      only what these attacks are, but how they work, will better prepare you
                      to answer test questions.


                                                                              www.syngress.com