Friday, February 20, 2009

Web Spoofing

This paper describes an Internet security attack that could endanger the privacy of World Wide Web users and the integrity of their data. The attack can be carried out on today's systems, endangering users of the most common Web browsers, including Netscape Navigator and Microsoft Internet Explorer.

1.1 HISTORY

The concept of IP spoofing was initially discussed in academic circles in the 1980s. It was primarily theoretical until Robert Morris, whose son wrote the first Internet Worm, discovered a security weakness in the TCP protocol known as sequence prediction. Another infamous attack, Kevin Mitnick's Christmas Day crack of Tsutomu Shimomura's machine, employed the IP spoofing and TCP sequence prediction techniques. While the popularity of such cracks has decreased due to the demise of the services they exploited, spoofing can still be used and needs to be addressed by all security administrators.

1.2 WHAT IS SPOOFING?

Spoofing means pretending to be something you are not. In Internet terms it means pretending to be a different Internet address from the one you really have in order to gain something. That might be information like credit card numbers, passwords, personal information or the ability to carry out actions using someone else’s identity.

An IP spoofing attack involves forging one's source address. It is the act of using one machine to impersonate another. Most of the applications and tools on the Web rely on source IP address authentication. Many developers have used host-based access controls to secure their networks. The source IP address is a unique identifier but not a reliable one: it can easily be spoofed.
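The following is an added example, not part of the original paper, contrasting the host-based access control described above with a check that requires proof of a shared key. The network range, key, nonces and request body are constructed for illustration, and the function names are hypothetical.

```python
import hashlib
import hmac
import ipaddress

# All values below are constructed for illustration.
TRUSTED_NET = ipaddress.ip_network("192.0.2.0/24")  # hypothetical "internal" range
SHARED_KEY = b"constructed-demo-key"                # secret provisioned out of band


def host_based_allow(claimed_src: str) -> bool:
    """Host-based access control: trusts the source address the packet claims."""
    return ipaddress.ip_address(claimed_src) in TRUSTED_NET


def sign(key: bytes, nonce: bytes, body: bytes) -> str:
    """HMAC-SHA256 over a length-prefixed nonce plus the request body."""
    msg = len(nonce).to_bytes(2, "big") + nonce + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def authenticated_allow(nonce: bytes, body: bytes, tag: str, seen: set) -> bool:
    """Accept only requests that prove key possession; the source address is ignored."""
    if nonce in seen:  # reject replays of a previously accepted request
        return False
    if not hmac.compare_digest(sign(SHARED_KEY, nonce, body), tag):
        return False
    seen.add(nonce)
    return True


def compare_checks() -> dict:
    """Run both checks over a genuine request and one with a forged source address."""
    seen = set()
    body = b"GET /payroll"
    genuine = {"src": "192.0.2.10", "nonce": b"n-001", "tag": sign(SHARED_KEY, b"n-001", body)}
    # The forger can write any source address into the header but lacks SHARED_KEY.
    forged = {"src": "192.0.2.10", "nonce": b"n-002", "tag": sign(b"guessed-key", b"n-002", body)}
    results = {}
    for name, req in (("genuine", genuine), ("forged", forged)):
        results[name] = (host_based_allow(req["src"]),
                         authenticated_allow(req["nonce"], body, req["tag"], seen))
    # Replaying the genuine request verbatim is also rejected.
    results["replay"] = authenticated_allow(genuine["nonce"], body, genuine["tag"], seen)
    return results


if __name__ == "__main__":
    print(compare_checks())
```

The address check returns the same answer for the genuine and the forged request, which is why a source address alone cannot serve as an authenticator.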

Web spoofing allows an attacker to create a shadow copy of the entire World Wide Web. Accesses to the shadow Web are funneled through the attacker's machine, allowing the attacker to monitor all of the victim's activities, including any passwords or account numbers the victim enters. The attacker can also cause false or misleading data to be sent to Web servers in the victim's name, or to the victim in the name of any Web server. In short, the attacker observes and controls everything the victim does on the Web.

The various types of spoofing techniques that we discuss include TCP Flooding, DNS Server Spoofing Attempts, web site names, email ids and link redirection.
