IP Spoof Prevented Technique to Prevent IP Spoofed Attack

Transcription

1 Available ONLINE VSRD-TNTJ, Vol. I (3), 2010, S H O R T C O M M U N I C A T I O N IP Spoof Prevented Technique to Prevent IP Spoofed Attack 1 Rajiv Ranjan*, 2 Khaleel Ahmad, 3 Jayant Shekhar and 4 K.P. Yadav ABSTRACT Security over Internet is a challenging issue for all who use the Internet in the all over world. That is why, in our paper we explore a mechanisms for defending against IP spoofed packet attacks, have become one of the major threats to the operation of the Internet today. We propose a novel model for detecting and preventing the most harmful and difficult to detect IP Spoofed Attacks those that use IP address spoofing to disguise the attack flow. Our technique is based on a defense model that can distinguish the attack packets (containing spoofed source addresses) from the packets sent by legitimate users. The occurrence of an attack can be quickly and precisely detected [1-P70] by the proposed model. Keywords : Distributed Denial-of-service Attacks, IP Addresses Spoofing, Security, Defense Model. INTRODUCTION The Internet is an essential part of our everyday life and many important and crucial services like banking, shopping, transport, health, and information and communication technology are partly or completely dependent on the Internet. According to recent sources the number of hosts connected to the internet has increased to almost 400 million and there are currently more than 1 billion users of the Internet. Thus, any disruption in the operation of the Internet can be very inconvenient for most of us. Unfortunately, the current routing infrastructure cannot detect that a packet s source IP address has been spoofed or from where in the Internet a spoofed IP packet has originated from. The combination of these two factors makes IP spoofing easy and effective for attacks. In fact, many different types of Internet attacks utilize spoofed IP addresses for different purposes. In a TCP hijacking attack, an attacker can inject malicious data into a TCP connection and potentially even hijack the connection if it knows the IP address, TCP port number, and correctly guesses the sequence numbers being used. Consider a telnet session, where the attacker inserts the UNIX command rm -rf /, which would 123 Lecturer, Faculty of Engineering & Technology, Swami Vivekanand Subharti University, Meerut, UTTAR PRADESH, INDIA. 4 Lecturer, ACME College of Engineering, Ghaziabad, UTTAR PRADESH, INDIA. *Correspondence : rajiv_529@rediffmail.com

2 delete all files of the current user. Another form of this attack is for the attacker to send TCP RST packets to close an existing connection. Such attacks can be particularly disruptive if the TCP connection is a BGP session between two routers. According to recent sources the number of hosts connected to the internet has increased to almost 400 million and there are currently more than 1 billion users of the Internet. Thus, any disruption in the operation of the Internet can be very inconvenient for most of us As the Internet was originally designed for openness and scalability without much concern for security, malicious users can exploit the design weaknesses of the internet to wreak havoc in its operation. Incidents of disruptive activities like viruses, computer worms and denial-of service attacks have been on the rise reports an increase of such incidents from 252 in 1990 to 137,529 in 2003). The incidents which have raised the most concern in recent years are the Denial-of-Service (DoS) attacks whose sole purpose is to reduce or eliminate the availability of a service provided over the Internet, to its legitimate users [1-P70] [2]. This is achieved either by exploiting the vulnerabilities in the software, network protocols, or operation systems, or by exhausting the consumable resources such as the bandwidth, computational time and memory of the victim. The first kind of attacks can be avoided by patching-up vulnerable software and updating the host systems from time to time. In comparison, the second kind of DoS attacks are much more difficult to defend [1-P70]. This works by sending a large number of packets to the target, so that some critical resources of the victim are exhausted and the victim can no longer communicate with other users. For second type of attack ip spoofing is most popular tool. Packets sent using the IP protocol include the IP address of the sending host. The recipient directs replies to the sender using this source address. However, the correctness of this address is not verified by the protocol. The IP protocol specifies no method for validating the authenticity of the packet s source. This implies that an attacker could forge the source address to be any he desires. This is a well-known problem and has been well described in all but a few rare cases; sending spoofed packets are done for illegitimate purposes. Sung and Xu[22] propose an altered IP trace back approach, where the victim tries to reconstruct the attack path but also attempts to estimate if a new packet lies on the attack path or not. Their scheme is probabilistic and each router either inserts an edge marking for the IP trace back scheme or a router marking identifying the router. Unfortunately, their approach requires the victim to collect on the order of 105 attack packets to reconstruct a path and once the path is reconstructed, this scheme will likely have a high false positive rate as the router close to the victim will all lie on some attack path and frequently mark legitimate packets which will then get rejected. The original path identification marking is based on the use of the packet s TTL field as an index into the IP Identification field where a router should add its marks. This method is not as lightweight as the Stack Path identification method. Legacy routers have a harmful affect on the original Path identification scheme because they decrement the TTL of a packet but do not add any markings. The Stack Path identification scheme is robust to legacy routers and even includes the write-ahead scheme to incorporate markings for single legacy routers in the path. Collins and Reiter use a novel approach of combining Cisco Net Flow data from a large network with Skitter map data, to compare DDOS defense mechanisms [4]. Page 174 of 177

3 They measure the effectiveness of path aware defense systems (Path identification and Hop-Count Filtering),as well as Static and Network-aware clustering. Recently network capability-based systems have been proposed for network capability based systems have been proposed for DDos defense. machiraju et al. propose a secure Quality-of-Service (QOS) architecture that is based on network capabilities [5]. Lakshminarayanan et al. leverage the i3 infrastructure to enable a receiver to cut off unwanted senders [6]. Anderson et al. [7] present an infrastructure where the sender uses a capability to set up a path to the receiver. We subsequently proposed SIFF, a capability-based system that allows a receiver to enforce flow-based admission control [8]. Yang et al. propose a capability-based mechanism with fine-grained service levels that attempts to address the denial-of capability attack [9]. They leverage Path identification markings to filter out floods of request packets in their scheme routers attempts to provide fair sharing among capability request packets based on their Path identification markings. Path identification are complementary to capability-based systemsm, and can be used to mitigate spoofing and flooding in the capability request channel. V.Shyamaladevi and Dr. R.S.D Wahidabanu [10] propose a new approach, called StackPi (short for Stack Path Identifier), which is the first defense mechanism that satisfies all of the above desired properties. In StackPi, as a packet traverses routers on the path towards its destination, the routers deterministically mark bits in the packet s IP identification field. The deterministic markings guarantee that packets traveling along the same path will have the same marking. StackPi allows the victim and routers on the attack path to take a proactive role in defending against a DDoS attack by using the StackPi mark to filter out attack packets on a per packet basis. In addition, the victim can build statistics over time relating StackPi marks to IP addresses. Then if an attacker spoofs an IP address, it is likely that the StackPi mark in the spoofed packet will not match the StackPi mark corresponding to the legitimate IP address in the database, thus enabling the victim to tag packets with possibly spoofed source IP addresses. StackPi is not only effective against large scale DDoS attacks, but also effective against other IP spoofing attacks such as TCP hijacking and multicast source spoofing attacks. Our scheme is extremely efficient and responds quickly to attacks. Proposed system develops the path identification IP filter, which an be used to detect IP spoofing attacks with a single attack packet. It is also examine the conflicts between IPv4 fragmentation and path identification marking, and path identification deployment in an IPv6 environment. PROBLEM In IP Spoofing, an attacker gains unauthorized access to a Computer or a network by making it appear that a malicious message has come from a trusted machine by the IP address of that machine. SOLUTION IP Spoofed prevented technique is a new features of router which make the secure message or secure network. Page 175 of 177

4 Sender sends a packet which pass through the first routers of the network. Router use IP Spoofing prevented technique. First of all, blocker check the IP address of Sender, see in below fig. 1. If IP address is already in use then blocker discard the packet. If IP address is not in use then blocker pass the packet & store it into IP field of IP header. After that these marking, IP packet goes to next router, router check the packet is marked or not. If packet is marked then pass to next router or destination point. CONCLUSION In this paper we have proposed a low-cost and efficient scheme called IP Spoofed prevented technique, for defending against IP spoofed attacks. IP Spoofed prevented technique is actually use for Path Identification to prevent IP Spoofed attack. FUTURE SCOPE If the suggestion as given in my paper will be implemented practically; it is the most chances to free our internet from IP Spoofed Attack and also chances to explore my idea in future to enhance the security in the field of Internet & Network too. REFERENCES [1] International Journal of Network Security, Vol.7, No.1, PP.70 81, July 2008 (Received Aug. 9, 2006; revised and accepted Nov. 8, 2006) Yao Chen1, Shantanu Das1, Pulak Dhar2, Abdulmotaleb El Saddik1, and Amiya Nayak1 [2] Y. Chen, S. Das, P. Dhar, A. E. Saddik, and A. Nayak, An effective defence mechanism against massively distributed denial of service attacks, inthe 9th World Conference on Integrated Design & Process Technology (IDPT 06), San Diego, June2006. [3] Alex C. Snoeren, Craig Partridge, Luis A. Sanchez, Christine E.Jones, Fabrice Tchakountio,Stephen T. Kent, and W. Timothy Strayer, Hash-based IP traceback, in Proceedings of The ACMSIGCOMM 2001 Conference on Applications,Technologies, Architectures,and Protocols for Computer Communication (SIGCOMM 01),Aug. 2001, pp [4] Y. Michael Collins and Michael K. Reiter. An impirical Analysis of Target-Resident DoS Filters. In IEEE Symposium on Security and Privacy, May Page 176 of 177

5 [5] A. Micah Adler, Tradeoffs in probabilistic packet marking for IP traceback, in Proceedings of 34th ACM Symposium on Theory of Computing (STOC), [6] Kihong Park and Heejo Lee, On the effectiveness of routebased packet filtering for distributed DoS attack prevention in power law internets, in ACM SIGCOMM 01, 2001 [7] Abraham Yaar, Adrian Perrig, and Dawn Song, Pi: A path identification mechanism to defend against DDoS attacks, in IEEE Symposium on Security and Privacy, May [8] Alex C. Snoeren, Craig Partridge, Luis A. Sanchez, ChristineE. Jones, Fabrice Tchakountio,Beverly Bchwartz,Stephen T.Kent, and W. Timothy Strayer, Single-packet IP trace back, IEEE/ACM Transactions on Networking (ToN), vol.10, no. 6,Dec [9] Minho Sung and Jun Xu, IP traceback-based intelligent packet filtering: A novel technique for defending against internet DDoS attacks, in Proceedings of IEEE ICNP 2002, Nov [10] V.Shyamaladevi, Dr. R.S.D Wahidabanu Analyze and Detemine the IP Spoofing Attacks Using Stackpath Identification Marking and Filtering Mechanism. [11] Micah Adler. Tradeoffs in Probabilistic Packet Marking for IP Traceback.In Proceedings of 34th ACM Symposium on Theory of Computing(STOC), pages , Page 177 of 177