spoofing keegan haukaas, samuel robertson, jack murdock
TRANSCRIPT
![Page 1: Spoofing Keegan Haukaas, Samuel Robertson, Jack Murdock](https://reader036.vdocuments.us/reader036/viewer/2022082411/56649e985503460f94b9b331/html5/thumbnails/1.jpg)
SpoofingKeegan Haukaas, Samuel Robertson, Jack Murdock
![Page 2: Spoofing Keegan Haukaas, Samuel Robertson, Jack Murdock](https://reader036.vdocuments.us/reader036/viewer/2022082411/56649e985503460f94b9b331/html5/thumbnails/2.jpg)
Overview
Email Spoofing
IP Spoofing
Web Spoofing
![Page 3: Spoofing Keegan Haukaas, Samuel Robertson, Jack Murdock](https://reader036.vdocuments.us/reader036/viewer/2022082411/56649e985503460f94b9b331/html5/thumbnails/3.jpg)
Email Spoofing
Pretending to send an email from someone else
![Page 4: Spoofing Keegan Haukaas, Samuel Robertson, Jack Murdock](https://reader036.vdocuments.us/reader036/viewer/2022082411/56649e985503460f94b9b331/html5/thumbnails/4.jpg)
Reasons for Email Spoofing
Hide Identity
Impersonate Company or Authority
![Page 5: Spoofing Keegan Haukaas, Samuel Robertson, Jack Murdock](https://reader036.vdocuments.us/reader036/viewer/2022082411/56649e985503460f94b9b331/html5/thumbnails/5.jpg)
How to Spoof an Email
SMTP functions
Insert commands in headers
![Page 6: Spoofing Keegan Haukaas, Samuel Robertson, Jack Murdock](https://reader036.vdocuments.us/reader036/viewer/2022082411/56649e985503460f94b9b331/html5/thumbnails/6.jpg)
Examples
Posing as a Bank
Posing as Facebook
Posing as Relative
![Page 7: Spoofing Keegan Haukaas, Samuel Robertson, Jack Murdock](https://reader036.vdocuments.us/reader036/viewer/2022082411/56649e985503460f94b9b331/html5/thumbnails/7.jpg)
Mitigating Email Spoofing
Look at address
Read through message
Check links against legitimate site
![Page 9: Spoofing Keegan Haukaas, Samuel Robertson, Jack Murdock](https://reader036.vdocuments.us/reader036/viewer/2022082411/56649e985503460f94b9b331/html5/thumbnails/9.jpg)
IP Spoofing
IP spoofing is when the IP source address is changed in the packet header
Legitimate uses' of IP Spoofing- Website Testing
Illegitimate uses of IP SpoofingDoSGain entry to System
![Page 10: Spoofing Keegan Haukaas, Samuel Robertson, Jack Murdock](https://reader036.vdocuments.us/reader036/viewer/2022082411/56649e985503460f94b9b331/html5/thumbnails/10.jpg)
IP Spoofing (cont.)
Nmap Ipconfig /allNmap –iflist
Nmap –e eth7 –S 10.154.14.138.10.25.17.45
Defense against IP SpoofingPacket FilteringDO NOT rely only on IP address to gain access
![Page 11: Spoofing Keegan Haukaas, Samuel Robertson, Jack Murdock](https://reader036.vdocuments.us/reader036/viewer/2022082411/56649e985503460f94b9b331/html5/thumbnails/11.jpg)
Web Spoofing
General techniques: Similar URLCopy Site design/code “Malvertising”
![Page 12: Spoofing Keegan Haukaas, Samuel Robertson, Jack Murdock](https://reader036.vdocuments.us/reader036/viewer/2022082411/56649e985503460f94b9b331/html5/thumbnails/12.jpg)
Similar URL
Mistyping Favebook vs Facebook
Alternate Top-Level DomainsWhitehouse.gov vs Whitehouse.com
Countermeasures:Purchase the alternate domain, check spelling, check
security certificate
![Page 13: Spoofing Keegan Haukaas, Samuel Robertson, Jack Murdock](https://reader036.vdocuments.us/reader036/viewer/2022082411/56649e985503460f94b9b331/html5/thumbnails/13.jpg)
Design Hijacking
Copies all (or all accessible) HTML, CSS, JavaScript, etc. Incorporates design into new siteMost likely also uses a spoofed/similar URL
Check for Security Certificate/HTTPSWebsites need to be verified in some way to be
granted a certificate
Countermeasures:Code obfuscation, closed-source, HTTPS, etc.
![Page 14: Spoofing Keegan Haukaas, Samuel Robertson, Jack Murdock](https://reader036.vdocuments.us/reader036/viewer/2022082411/56649e985503460f94b9b331/html5/thumbnails/14.jpg)
Malvertising
Stands for Malicious Advertising
Exploits ads in sitesAttacker puts up “clean” ads, gains reputationThen injects malicious code into advertisements “Drive-by” style attacks, or click activation
Attacker hacks site, injects code into banner ads
Countermeasures: Install AdBlock, don’t click on ads, avoid sites with
instrusive/pop-up ads, check site’s reputation
![Page 15: Spoofing Keegan Haukaas, Samuel Robertson, Jack Murdock](https://reader036.vdocuments.us/reader036/viewer/2022082411/56649e985503460f94b9b331/html5/thumbnails/15.jpg)
Summary
Email Spoofing
IP Spoofing
Web Spoofing
![Page 16: Spoofing Keegan Haukaas, Samuel Robertson, Jack Murdock](https://reader036.vdocuments.us/reader036/viewer/2022082411/56649e985503460f94b9b331/html5/thumbnails/16.jpg)
QA&