SpoofingKeegan Haukaas, Samuel Robertson, Jack Murdock

Overview

Email Spoofing

IP Spoofing

Web Spoofing

Email Spoofing

Pretending to send an email from someone else

Reasons for Email Spoofing

Hide Identity

Impersonate Company or Authority

How to Spoof an Email

SMTP functions

Insert commands in headers

Examples

Posing as a Bank

Posing as Facebook

Posing as Relative

Mitigating Email Spoofing

Look at address

Read through message

Check links against legitimate site

Reporting Email Spoofing

Legitimate Company/Person

Federal Trade Commission spam@uce.gov

IP Spoofing

IP spoofing is when the IP source address is changed in the packet header

Legitimate uses' of IP Spoofing- Website Testing

Illegitimate uses of IP SpoofingDoSGain entry to System

IP Spoofing (cont.)

Nmap Ipconfig /allNmap –iflist

Nmap –e eth7 –S 10.154.14.138.10.25.17.45

Defense against IP SpoofingPacket FilteringDO NOT rely only on IP address to gain access

Web Spoofing

General techniques: Similar URLCopy Site design/code “Malvertising”

Similar URL

Mistyping Favebook vs Facebook

Alternate Top-Level DomainsWhitehouse.gov vs Whitehouse.com

Countermeasures:Purchase the alternate domain, check spelling, check

security certificate

Design Hijacking

Copies all (or all accessible) HTML, CSS, JavaScript, etc. Incorporates design into new siteMost likely also uses a spoofed/similar URL

Check for Security Certificate/HTTPSWebsites need to be verified in some way to be

granted a certificate

Countermeasures:Code obfuscation, closed-source, HTTPS, etc.

Malvertising

Stands for Malicious Advertising

Exploits ads in sitesAttacker puts up “clean” ads, gains reputationThen injects malicious code into advertisements “Drive-by” style attacks, or click activation

Attacker hacks site, injects code into banner ads

Countermeasures: Install AdBlock, don’t click on ads, avoid sites with

instrusive/pop-up ads, check site’s reputation

Summary

Email Spoofing

IP Spoofing

Web Spoofing

QA&