ipspoofingseminarreport-111014111833-phpapp02
TRANSCRIPT
-
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
1/25
IP Spoofing 09IT054
Acknowledgement
It gives me immense pleasure in presenting seminar onIP Spoofing. I would
like to acknowledge the contribution of certain distinguished people without their
support and guidance this seminar would not have been concluded.
!irst of all I thank "od the almight# for blessing me in making m# seminar a
successful one. I hereb# wish to e$press m# gratitude to our principal Dr.
Jayeshkumar S. Patel for providing us all facilities. I also e$press m# sincere
gratitude toMs. Khyati Shah %ead of &epartment of Information Technolog# for her
guidance and support to shape this seminar in a s#stematic wa#. I am also greatl#
indebted to Ms. Bijal Selarka 'sst. Professor of (.). * I.T. &epartment for her
valuable suggestions in the preparation of the seminar. In addition I would like to
thank all staff members of (.). * I.T. &epartment and all m# friends of IT for their
suggestions and constructive criticism.
Rahul M Polara
Abstract
&epartment of Information Technolog# + ,I)-
-
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
2/25
IP Spoofing 09IT054
IP spoofing is a method of attacking a network in order to gain unauthori/ed access.
The attack is based on the fact that Internet communication between distant computers
is routinel# handled b# routers which find the best route b# e$amining the destinationaddress but generall# ignore the origination address. The origination address is onl#
used b# the destination machine when it responds back to the source.
In a spoofing attack the intruder sends messages to a computer indicating that the
message has come from a trusted s#stem. To be successful the intruder must first
determine the IP address of a trusted s#stem and then modif# the packet headers to
that it appears that the packets are coming from the trusted s#stem.
In essence the attacker is fooling spoofing1 the distant computer into believing that
the# are a legitimate member of the network. The goal of the attack is to establish a
connection that will allow the attacker to gain root access to the host allowing the
creation of a backdoor entr# path into the target s#stem.
&epartment of Information Technolog# + ,I)- 2
-
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
3/25
IP Spoofing 09IT054
Index
. Introduction to IP Spoofing
2. 3rief %istor# of IP Spoofing
. T(P*IP P-T(6 S7IT)
. Internet Protocol
.2 Transmission (ontrol Protocol
. (onse8uences of the T(P*IP &esign
4. Spoofing 'ttacks
4. itnick 'ttack
4.2 Session %i:ack 4. &os 'ttack
4.4 ;on 3lind 'ttack
4.5 3lind 'ttack
5. echanism of the 'ttack
-
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
4/25
IP Spoofing 09IT054
&epartment of Information Technolog# + ,I)- 4
-
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
5/25
IP Spoofing 09IT054
1. INTRODUTION
(riminals have long emplo#ed the tactic of masking their true identit# from
disguises to aliases to caller>id blocking. It should come as no surprise then that
criminals who conduct their nefarious activities on networks and computers should
emplo# such techni8ues. IP spoofing is one of the most common forms of on>line
camouflage. In IP spoofing an attacker gains unauthori/ed access to a computer or
a network b# making it appear that a malicious message has come from a trusted
machine b# ?spoofing@ the IP address of that machine. In the subse8uent pages of
this report we will e$amine the concepts of IP spoofingA wh# it is possible how it
works what it is used for and how to defend against it.
&epartment of Information Technolog# + ,I)- 5
-
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
6/25
IP Spoofing 09IT054
!. "r#e$ h#stor% o$ IP &'oo$#ng
The concept of IP spoofing was initiall# discussed in academic circles in
the 9B0Cs. In the 'pril 9B9 article entitledA ?Securit# Problems in the T(P*IP
Protocol Suite@ author S. 3ellovin of 'T D T 3ell labs was among the first to
identif# IP spoofing as a real risk to computer networks. 3ellovin describes how
-obert orris creator of the now infamous Internet Eorm figured out how T(P
created se8uence numbers and forged a T(P packet se8uence. This T(P packet
included the destination address of his ?victim@ and using an IP spoofing attack
orris was able to obtain root access to his targeted s#stem without a 7ser I& or
password. 'nother infamous attack Fevin itnickCs (hristmas &a# crack of
Tsutomu ShimomuraCs machine emplo#ed the IP spoofing and T(P se8uence
prediction techni8ues. Ehile the popularit# of such cracks has decreased due to
the demise of the services the# e$ploited spoofing can still be used and needs to
be addressed b# all securit# administrators. ' common misconception is that GIP
spoofingG can be used to hide #our IP address while surfing the Internet chatting
on>line sending e>mail and so forth. This is generall# not true. !orging the
source IP address causes the responses to be misdirected meaning #ou cannot
create a normal network connection. %owever IP spoofing is an integral part of
man# network attacks that do not need to see responses blind spoofing1.
&epartment of Information Technolog# + ,I)-
-
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
7/25
IP Spoofing 09IT054
(. TP)IP PROTOO* &UIT+
IP Spoofing e$ploits the flaws in T(P*IP protocol suite. In order to
completel# understand how these attacks can take place one must e$amine the
structure of the T(P*IP protocol suite. ' basic understanding of these headers
and network e$changes is crucial to the process.
(.1 Internet Protocol , IP
The Internet Protocol or IP as it generall# known1 is the network la#er of the
Internet. IP provides a connection>less service. The :ob of IP is to route and send a
packet to the packetCs destination. IP provides no guarantee whatsoever for the
packets it tries to deliver. The IP packets are usuall# termed datagrams. The datagrams
go through a series of routers before the# reach the destination. 't each node that the
datagram passes through the node determines the ne$t hop for the datagram and
routes it to the ne$t hop. Since the network is d#namic it is possible that two
datagrams from the same source take different paths to make it to the destination.
Since the network has variable dela#s it is not guaranteed that the datagrams will be
received in se8uence. IP onl# tries for a best>effort deliver#. It does not take care of
lost packetsH this is left to the higher la#er protocols. There is no state maintained
between two datagramsH in other words IP is connection>less
T#e IP $eade" is s#o%n a&ove. T#e 'e"sion is cu""entl( set to 4.
In o"de" to distinguis# it !"o) t#e ne% ve"sion IPv*+ IP is also "e!e""ed
to as IPv4. T#e sou"ce add"ess and t#e destination add"ess a"e 4,&(te
Inte"net add"esses. T#e -ptions feld contains va"ious options suc# as
sou"ce &ased "outing+ and "eco"d "oute. T#e sou"ce &ased "outing
allo%s t#e sende" to speci!( t#e pat# t#e datag"a) s#ould tae to
"eac# t#e destination. eco"d "oute allo%s t#e sende" to "eco"d t#e
"oute t#e datag"a) is taing. one o! t#e IP felds a"e enc"(pted and
t#e"e no aut#entication. It %ould &e et"e)el( eas( to set an a"&it"a"(
destination add"ess o" t#e sou"ce add"ess2+ and IP %ould send t#e
datag"a). T#e destination #as no %a( o! asce"taining t#e !act t#at
&epartment of Information Technolog# + ,I)- =
-
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
8/25
IP Spoofing 09IT054
t#e datag"a) actuall( o"iginated !"o) an IP add"ess ot#e" t#an t#e
one in t#e sou"ce add"ess feld. It is eas( to see %#( an(
aut#entication sc#e)e &ased on IP,add"esses %ould !ail.
(.! Transm#ss#on ontrol Protocol , TP
IP can be thought of as a routing wrapper for la#er 4 transport1 which
contains the Transmission (ontrol Protocol T(P1. 7nlike IP T(P uses a
connection>oriented design. This means that the participants in a T(P session
must first build a connection > via the >wa# handshake S;>S;*'(F>'(F1
> then update one another on progress > via se8uences and acknowledgements.
This ?conversation@ ensures data reliabilit# since the sender receives an F
from the recipient after each packete$change.
's #ou can see above a T(P header is ver# different from an IP header. Ee are
concerned with the first 2 b#tes of the T(P packet which contain port and
se8uencing information. uch like an IP datagram T(P packets can be
manipulated using software. The source and destination ports normall# depend
on the network application in use for e$ample %TTP via port B01. EhatCs
important for our understanding of spoofing are the se8uence and
acknowledgement numbers. The data contained in these fields ensures packet
deliver# b# determining whether or not a packet needs to be resent. The
se8uence number is the number of the first b#te in the current packet which is
relevant to the data stream. The acknowledgement number in turn contains the
value of the ne$t e$pected se8uence number in the stream. This relationship
confirms on both ends that the proper packets were received. ItJs 8uite different
than IP since transaction state is closel# monitored.
(.( onse-uences o$ the TP)IP Des#gn
;ow that we have an overview of the T(P*IP formats letCs e$amine the
conse8uences. bviousl# itCs ver# eas# to mask a source address b#
manipulating an IP header. This techni8ue is used for obvious reasons and is
emplo#ed in several of the attacks discussed below. 'nother conse8uence
&epartment of Information Technolog# + ,I)- B
http://www.faqs.org/rfcs/rfc793.htmlhttp://www.faqs.org/rfcs/rfc793.html -
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
9/25
IP Spoofing 09IT054
specific to T(P is se8uence number prediction which can lead to session
hi:ackingor host impersonating. This method builds on IP spoofing since a
session albeit a false one is built. Ee will e$amine the ramifications of this in
the attacks discussed below.
&epartment of Information Technolog# + ,I)- 9
http://www.owasp.org/asac/auth-session/hijack.shtmlhttp://www.owasp.org/asac/auth-session/hijack.shtmlhttp://www.owasp.org/asac/auth-session/hijack.shtmlhttp://www.owasp.org/asac/auth-session/hijack.shtml -
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
10/25
IP Spoofing 09IT054
. &POO/IN0 ATTA&
There are a few variations on the t#pes of attacks that successfull#
emplo# IP spoofing. 'lthough some are relativel# dated others are ver#
pertinent to current securit# concerns. IP>spoofing consists of several steps
which I will briefl# outline here then e$plain in detail. !irst the target host is
chosen. ;e$t a pattern of trust is discovered along with a trusted host. The
trusted host is then disabled and the targetCs T(P se8uence numbers are
sampled. The trusted host is impersonated the se8uence numbers guessed and a
connection attempt is made to a service that onl# re8uires address>based
authentication. If successful the attacker e$ecutes a simple command to leave a
backdoor.
.1 M#tn#ck Attack
itnick 'ttack err# K>masL itnick hacks a &iskless Eorkstation on
&ecember 25th 994 The victim + Tsutomu Shinomura The attack + IP spoofing
and abuse of trust relationships between a diskless terminal and login serve .! &ess#on 2#3ack
Session %i:ack 'lice 3ob )ve IJm 3obL IJm 'liceL . )ve assumes a man>in>the>
middle position through some mechanism. !or e$ample )ve could use 'rc
Poisoning social engineering router hacking etc... 2. )ve can monitor traffic
between 'lice and 3ob without altering the packets or se8uence numbers. . 't
an# point )ve can assume the identit# of either 3ob or 'lice through the Spoofed
IP address. This breaks the pseudo connection as )ve will start modif#ing the
se8uence numbers
.( Dos Attack
&oS 'ttack &enial of Service &oS1 attack aimed at preventing clients from
accessing a service. IP Spoofing can be used to create &oS attacks
&oS 'ttack Server 'ttacker 6egitimate 7sers Interweb !ake IPs Service -e8uests
!lood of -e8uests from 'ttacker Server 8ueue full legitimate re8uests get
dropped Service -e8uests
&oS 'ttack The attacker spoofs a large number of re8uests from various IP
addresses to fill Services 8ueue. Eith the services 8ueue filled legitimate userJs
&epartment of Information Technolog# + ,I)- 0
-
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
11/25
IP Spoofing 09IT054
cannot use the service. &oS becomes more dangerous if spread to multiple
computers.
. Non4"l#nd &'oo$#ng
This t#pe of attack takes place when the attacker is on the same subnet
as the victim. The se8uence and acknowledgement numbers can be sniffed
eliminating the potential difficult# of calculating them accuratel#. The biggest
threat of spoofing in this instance would be session hi:acking. This is
accomplished b# corrupting the data stream of an established connection then
re>establishing it based on correct se8uence and acknowledgement numbers withthe attack machine. 7sing this techni8ue an attacker could effectivel# b#pass
an# authentication measures taken place to build the connection.
.5 "l#nd &'oo$#ng
This is a more sophisticated attack because the se8uence and
acknowledgement numbers are unreachable. In order to circumvent this several
packets are sent to the target machine in order to sample se8uence numbers.
Ehile not the case toda# machines in the past used basic techni8ues for
generating se8uence numbers. It was relativel# eas# to discover the e$act
formula b# stud#ing packets and T(P sessions. Toda# most Ses implement
random se8uence number generation making it difficult to predict them
accuratel#. If however the se8uence number was compromised data could be
sent to the target. Several #ears ago man# machines used host>based
authentication services i.e. -login1. ' properl# crafted attack could add the
re8uisite data to a s#stem i.e. a new user account1 blindl# enabling full access
for the attacker who was impersonating a trusted host.
&epartment of Information Technolog# + ,I)-
http://www.webopedia.com/TERM/s/subnet.htmlhttp://www.webopedia.com/TERM/s/subnet.html -
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
12/25
IP Spoofing 09IT054
/#g. "l#nd &'oo$#ng
3suall( t#e attace" does not #ave access to t#e "epl(+ and
a&uses t"ust "elations#ip &et%een #osts. o" ea)ple5
$ost C sends an IP datag"a) %it# t#e add"ess o! so)e ot#e"
#ost $ost A2 as t#e sou"ce add"ess to $ost 6. Attaced #ost 62
"eplies to t#e legiti)ate #ost A2
&epartment of Information Technolog# + ,I)- 2
-
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
13/25
IP Spoofing 09IT054
5. M+2ANI&M O/ T2+ ATTA
"enerall# the attack is made from the root account on the attacking host
against the root account on the target. If the attacker is going to all this trouble
it would be stupid not to go for root. Since root access is needed to wage the
attack this should not be an issue.1
ne often overlooked but critical factor in IP>spoofing is the fact that
the attack is blind. The attacker is going to be taking over the identit# of a
trusted host in order to subvert the securit# of the target host. The trusted host is
disabled using the method described below. 's far as the target knows it is
carr#ing on a conversation with a trusted pal. In realit# the attacker is sitting off
in some dark corner of the Internet forging packets purportedl# from this trusted
&epartment of Information Technolog# + ,I)-
-
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
14/25
IP Spoofing 09IT054
host while it is locked up in a denial of service battle. The IP datagrams sent
with the forged IP>address reach the target fine recall that IP is a connectionless>
oriented protocol>> each datagram is sent without regard for the other end1 but
the datagrams the target sends back destined for the trusted host1 end up in the
bit>bucket. The attacker never sees them. The intervening routers know where
the datagrams are supposed to go. The# are supposed to go the trusted host. 's
far as the network la#er is concerned this is where the# originall# came from
and this is where responses should go. f course once the datagrams are routed
there and the information is demultiple$ed up the protocol stack and reaches
T(P it is discarded the trusted hostCs T(P cannot respond>> see below1. So the
attacker has to be smart and MknowM what was sent and MknowM what reponse
the server is looking for. The attacker cannot see what the target host sends but
she can MpredictM what it will sendH that coupled with the knowledge of what it
MwillM send allows the attacker to work around this blindness.
'fter a target is chosen the attacker must determine the patterns of trust
for the sake of argument we are going to assume the target host MdoesM in fact
trust somebod#. If it didnCt the attack would end here1. !iguring out who a host
trusts ma# or ma# not be eas#. ' Cshowmount >eC ma# show where file s#stems
are e$ported and rpcinfo can give out valuable information as well. If enough
background information is known about the host it should not be too difficult. If
all else fails tr#ing neighboring IP addresses in a brute force effort ma# be a
viable option.
&epartment of Information Technolog# + ,I)- 4
-
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
15/25
IP Spoofing 09IT054
6. METHODS TO PREVENT IP
SPOOFING ATTACK
6.1 Packet flterin
T#e "oute" t#at connects a net%o" to anot#e" net%o" is no%n as a
&o"de" "oute". -ne %a( to )itigate t#e t#"eat o! IP spoofng is &(
inspecting pacets %#en t#e( t#e leave and ente" a net%o" looing !o"
invalid sou"ce IP add"esses. I! t#is t(pe o! flte"ing %e"e pe"!o")ed on all
&o"de" "oute"s+ IP add"ess spoofng %ould &e g"eatl( "educed. g"ess
flte"ing c#ecs t#e sou"ce IP add"ess o! pacets to ensu"e t#e( co)e !"o)
a valid IP add"ess "ange %it#in t#e inte"nal net%o". #en t#e "oute"
"eceives a pacet t#at contains an invalid sou"ce add"ess+ t#e pacet is
si)pl( disca"ded and does not leave t#e net%o" &ounda"(. Ing"ess
flte"ing c#ecs t#e sou"ce IP add"ess o! pacets t#at ente" t#e net%o" to
ensu"e t#e( do not co)e !"o) sou"ces t#at a"e not pe")itted to access
t#e net%o". At a )ini)u)+ all p"ivate+ "ese"ved+ and inte"nal IP add"esses
s#ould &e disca"ded &( t#e "oute" and not allo%ed to ente" t#e net%o"
6.! /#lter#ng at the Router
If #our site has a direct connection to the Internet #ou can use #our router to help
#ou out. !irst make sure onl# hosts on #our internal 6'; can participate in trust>
relationships no internal host should trust a host outside the 6';1. Then simpl#
filter out MallM traffic from the outside the Internet1 that purports to come from the
inside the 6';1.
Implementing ingress and egress filtering on #our border routers is a
great place to start #our spoofing defense. ou will need to implement an '(6
access control list1 that blocks private IP addresses on #our downstream
interface. 'dditionall# this interface should not accept addresses with #our
internal range as the source as this is a common spoofing techni8ue used tocircumvent firewalls. n the upstream interface #ou should restrict source
&epartment of Information Technolog# + ,I)- 5
-
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
16/25
IP Spoofing 09IT054
addresses outside of #our valid range which will prevent someone on #our
network from sending spoofed traffic to the Internet.
6.( +ncr%'t#on and Authent#cat#on
Implementing encr#ption and authentication will also reduce spoofing
threats. 3oth of these features are included in Ipvspoofing is to re8uire all network traffic
to be encr#pted and*or authenticated. Ehile several solutions e$ist it will be a
while before such measures are deplo#ed as defacto standards.
&epartment of Information Technolog# + ,I)-
-
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
17/25
IP Spoofing 09IT054
7 . APP*IATION& O/ IP &POO/IN0
7.1 As%mmetr#c rout#ng 8&'l#tt#ng rout#ng9
As())et"ic "outing )eans t"ac goes ove" di:e"ent
inte"!aces !o" di"ections in and out. In ot#e" %o"ds+ as())et"ic
"outing is %#en t#e "esponse to a pacet !ollo%s a di:e"ent pat# !"o)
one #ost to anot#e" t#an t#e o"iginal pacet did. T#e )o"e co""ect and
)o"e gene"al ans%e" is+ !o" an( sou"ce IP add"ess ;A; and destination
;6;+ t#e pat# !ollo%ed &( an( pacet "e
-
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
18/25
IP Spoofing 09IT054
Fi. Satellite DS%
T#e advantage o! a satellite net%o" is to p"ovide #ig#
&and%idt# se"vices independent o! t#e use"s location ove" a %ide
geog"ap#ical a"ea. A satellite net%o" consists o! t%o t(pes o!
stations5 !eeds and "eceive"s. ve"( "eceive" #as a satellite dis#
connected to a use" station. T#e use" station #as an et"a inte"!ace+
DS= )ode) connected to t#e ISP+ t#is is called "etu"n c#annel. All
"e
-
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
19/25
IP Spoofing 09IT054
Fi. Tra&c Pat' "( Satellite DS%
7.( NAT
AT is net%o" add"ess t"anslation.
o")all(+ pacets on a net%o" t"avel !"o) t#ei" sou"ce to t#ei"
destination t#"oug# )an( di:e"ent lins. one o! t#ese lins "eall(
alte" (ou" pacet+ t#e( >ust send it on%a"d. I! one o! t#ese lins %e"e
to do AT+ t#en t#e( %ould alte" t#e sou"ce o" destinations o! t#e
pacet as it passes t#"oug#. 3suall( t#e lin doing AT %ill "e)e)&e"
#o% it )angled a pacet+ and %#en a "epl( pacet passes t#"oug# t#e
ot#e" %a(+ it %ill do t#e "eve"se )angling on t#at "epl( pacet+ so
eve"(t#ing %o"s.
&epartment of Information Technolog# + ,I)- 9
-
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
20/25
IP Spoofing 09IT054
7.. TP and IP s'oo$#ng Tools
1 enda$ for 6inu$
enda$ is an eas#>to>use tool for T(P se8uence number prediction
and rshd spoofing.21 spoofit.h
spoofit.h is a nicel# commented librar# for including IP spoofing
functionalit# into #our programs.
1 ipspoof
ipspoofis a T(P and IP spoofing utilit#.
41 hunt
huntis a sniffer which also offers man# spoofing functions.
51 dsniff
dsniff is a collection of tools for network auditing and penetration
testing. dsniff filesnarf mailsnarf msgsnarf urlsnarf and websp#
passivel# monitor a network for interesting data passwords e>mail
files etc.1. arpspoof dnsspoof and macof facilitate the interception
of network traffic.
&epartment of Information Technolog# + ,I)- 20
http://rootshell.com/archive-j457nxiqi3gq59dv/199711/mendax_linux.tgzhttp://rootshell.com/archive-j457nxiqi3gq59dv/199711/mendax_linux.tgzhttp://air.csc.ncsu.edu/xzhao/docs/DogPack/spoofers/sp/spoofit.hhttp://www.ryanspc.com/spoof/ipspoof.chttp://www.ryanspc.com/sniffers/hunt-1.3.tgzhttp://www.monkey.org/~dugsong/dsniff/http://rootshell.com/archive-j457nxiqi3gq59dv/199711/mendax_linux.tgzhttp://air.csc.ncsu.edu/xzhao/docs/DogPack/spoofers/sp/spoofit.hhttp://www.ryanspc.com/spoof/ipspoof.chttp://www.ryanspc.com/sniffers/hunt-1.3.tgzhttp://www.monkey.org/~dugsong/dsniff/ -
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
21/25
IP Spoofing 09IT054
:. Ad;antages
!reedom of spoofing. The attacker is not bounded b# a specific range of IPs.
;o wasted or unneeded initiated packets. The attacker sends one T(P*7&Ppacket per
port.;o tracing of the original scanner. &etection of the scanning machine
isimpossible at the IP la#er.
&epartment of Information Technolog# + ,I)- 2
-
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
22/25
IP Spoofing 09IT054
-
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
23/25
IP Spoofing 09IT054
1=. onclus#on
IP spoofng is less o! a t#"eat toda( due to t#e patc#es to t#e
3ni -pe"ating s(ste) and t#e %idesp"ead use o! "ando)se
-
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
24/25
IP Spoofing 09IT054
11. Re$erence
!ollowing the Nourne# of a Spoofed Packet
http://www.scs.carleton.ca/~dlwhyte/whytepapers/ipspoof.htm
;'T and ;etworks
http://www.suse.de/~mha/linux-ip-nat/diplom/node4.html
's#mmetric routing > Nani 6akkakorpi
http://keskus.hut.fi/tutkimus/ipana/paperit/QoSR/S1!-QoSR-
asymmetric.pdf
T(P*IP protocol suite > Thomas Toth
http://www.infosys.tuwien.ac.at/"eachin#/$ourses/%netSec/slides/sli.pdf
Securit# problems in the T(P*IP protocol suite S.. 3ellovin 'TDT 3ell
6aboratories urra# %ill ;ew Nerse# 0=9=4
http://www.research.att.com/~sm&/papers/ipext.pdf
Introduction To ;etwork 'ddress Translation ;'T1
http://www.firewall.cx/nat-intro.php
http://'ork.net/~phil/$rackin#/%nternet.html
http://'ork.net/~phil/$rackin#/%nternet.html IP spoofing
http://&ear.c&a.ufl.edu/teets/pro(ects/%S)*+++,1!+/perryna/index.html
&epartment of Information Technolog# + ,I)- 24
-
7/25/2019 ipspoofingseminarreport-111014111833-phpapp02
25/25
IP Spoofing 09IT054