What is web spoofing? by hutch1988


Hi friends, I made this PPT to give a basic idea about web spoofing: how does it happen, and what can you do?

WEB SPOOFING

WHAT IS SPOOFING?
Definition: An attacker alters his identity so that someone thinks he is someone else (email address, user ID, IP address, ...). The attacker exploits the trust relationship between a user and networked machines to gain access to those machines.

Four primary types:

- IP address spoofing
- ARP poisoning
- Web spoofing
- DNS spoofing

INTRODUCTION
This paper describes an Internet security attack that could endanger the privacy of World Wide Web users and the integrity of their data. The attack can be carried out on today's systems, endangering users of the most common Web browsers, including Netscape Navigator and Microsoft Internet Explorer.

HISTORY
The concept of IP spoofing was initially discussed in academic circles in the 1980s. It was primarily theoretical until Robert Morris, whose son wrote the first Internet Worm, discovered a security weakness in the TCP protocol known as sequence prediction. Another infamous attack, Kevin Mitnick's Christmas Day crack of Tsutomu Shimomura's machine, employed IP spoofing and TCP sequence prediction techniques. While the popularity of such cracks has decreased due to the demise of the services they exploited, spoofing can still be used and needs to be addressed by all security administrators.

WHAT IS WEB SPOOFING?
Web spoofing allows an attacker to create a "shadow copy" of the entire World Wide Web. The attacker creates a misleading context in order to trick the victim. The attack is like a con game: it is online fraud.

STARTING THE ATTACK
The attacker must somehow attract the victim into the attacker's false Web. There are several ways to do this. An attacker could put a link to the false Web onto a popular Web page. If the victim is using Web-enabled email, the attacker could email the victim a pointer to the false Web. Finally, the attacker could trick a Web search engine into indexing part of the false Web.

WHAT WILL WEB SPOOFING DO?
It creates a convincing but false copy of the World Wide Web; the consequences for the victim are described below.

HAVE YOU EVER RECEIVED AN EMAIL THAT LOOKED LIKE THIS?
From: M.S CO-OPERATIVE BANK LIMITED
To: MR X
Subject: Your Online Banking Account is Inactive

Your Online Banking Account is Innactive

We closed your online access for security reasons.
Click here to access your account. We must verify your account information.
MS COOPERATIVE BANK LTD. All rights reserved.

SPOOFING ATTACKS
In the physical world, for example, there have been several incidents in which criminals set up bogus automated teller machines; the criminal copies the victim's card and uses the duplicate. In these attacks people were fooled by the context of what they saw: the location of the machine and the appearance of its electronic display. People using computer systems often make security-relevant decisions based on the contextual cues they see. For example, you might decide to type in your account number because you believe you are visiting your bank's Web page. This belief might arise because the page has a familiar look.

CONTEXT
A browser presents many types of context that users might rely on to make decisions. Appearance: the appearance of an object might convey a certain impression. Names of objects: people often deduce what is in a file from its name. Timing of events: if two things happen at the same time, the user might think they are related. Is MICR0SOFT.COM or MICROSOFT.COM the correct address for Microsoft?

CONSEQUENCES
Surveillance: the attacker can passively watch the traffic, recording which pages the victim visits and the contents of those pages. (This allows the attacker to observe any account numbers or passwords the victim enters.)

Tampering: the attacker can modify any of the data traveling in either direction between the victim and the Web. (The attacker could change the product number, quantity or ship-to address.)

HOW DOES THE ATTACK WORK?

- URL rewriting
- Forms
- "Secure" connections

URL REWRITING
The attacker's first trick is to rewrite all of the URLs on some Web page so that they point to the attacker's server rather than the real server. Assuming the attacker's server is on the machine www.attacker.org, the attacker rewrites a URL by adding http://www.attacker.org to the front of the URL. For example, http://home.netscape.com becomes http://www.attacker.org/http://home.netscape.com. Once the attacker's server has fetched the real document needed to satisfy the request, the attacker rewrites all of the URLs in the document into the same special form. Then the attacker's server provides the rewritten page to the victim's browser. If the victim follows a link on the new page, the victim remains trapped in the attacker's false Web.

FORMS
When the victim submits a form, the submitted data goes to the attacker’s server. The attacker’s server can observe and even modify the submitted data, doing whatever malicious editing desired, before passing it on to the real server.

“SECURE” CONNECTIONS
The victim's browser says it has a secure connection because it does have one. Unfortunately, the secure connection is to www.attacker.org and not to the place the victim thinks it is. The victim's browser thinks everything is fine: it was told to access a URL at www.attacker.org, and it did. The secure-connection indicator only gives the victim a false sense of security.

WEB TRANSACTION DURING A WEB SPOOFING ATTACK (diagram)

HOW DOES ANONYMIZER WORK?
Because the Anonymizer server fetches the pages you want, you never actually visit those Web sites. That means your IP address is hidden behind it. Tracking cookies or Web bugs are neutralized in the protection process, and potentially malicious code is removed from the page you view.

When you activate your Anonymizer, your surfing is automatically routed to special Anonymizer servers. These servers fetch the Web pages you want to visit and rewrite them to remove potential privacy threats.

HOW DOES ANONYMIZER WORK? (diagram)

APPLICATIONS OF ANONYMIZER (diagram)
1. After activation
2. Connect to the anonymizer.com server
3. Perform URL rewriting

COMPLETING THE ILLUSION
The attack as described thus far is fairly effective, but not perfect. There is still some remaining context that can give the victim clues that the attack is going on. Such evidence is not too hard to eliminate because browsers are very customizable. The ability of a web page to control browser behavior is often desirable, but when the page is hostile it can be dangerous.

REMEDIES
Follow a three-part strategy:

1. Disable JavaScript in your browser so the attacker will be unable to hide the evidence of the attack.
2. Make sure your browser's location line is always visible.
3. Pay attention to the URLs displayed on your browser's location line, making sure they always point to the server you think you are connected to.
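The third remedy is the one a user can actually automate: compare what the location line shows against the host you believe you are talking to. The script below is an added example written for this page, not code from the original slides or from the Anonymizer product. It checks a location-line URL for the signs discussed earlier: the rewriting prefix form http://www.attacker.org/http://home.netscape.com, a digit-for-letter look-alike such as MICR0SOFT.COM, the expected name buried inside a different domain, and an HTTPS indicator that only vouches for the wrong host. The look-alike table and the sample URLs are constructed for the example; www.attacker.org and home.netscape.com are the hosts the slides use.

```python
"""Location-line checks for the web spoofing signs described above.

Added example, not part of the original slides. Given the URL shown in the
browser's location line and the host the user believes they are visiting,
report any tell-tale signs of a spoofed or rewritten page.
"""
from urllib.parse import urlsplit

# Constructed table of digits commonly swapped for similar-looking letters
# (covers the MICR0SOFT.COM example plus a few other usual confusables).
LOOKALIKES = {"0": "o", "1": "l", "3": "e", "5": "s", "8": "b"}


def normalize_lookalikes(host: str) -> str:
    """Lower-case the host and map look-alike digits to the letters they imitate."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in host.lower())


def embedded_url(url: str):
    """Return the absolute URL hidden in the path (the rewriting signature), else None."""
    path = urlsplit(url).path.lstrip("/")
    if path.lower().startswith(("http://", "https://")):
        return path
    return None


def check_location(url: str, expected_host: str) -> list:
    """Return human-readable findings; an empty list means no sign of spoofing."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    expected = expected_host.lower()

    # Sign 1: the page was fetched through a rewriting server.
    inner = embedded_url(url)
    if inner:
        findings.append("path embeds another URL: " + inner)

    # Sign 2: the host is not the one the user expects, in one of three ways.
    if host != expected:
        if normalize_lookalikes(host) == normalize_lookalikes(expected):
            findings.append("host %r is a look-alike of %r" % (host, expected))
        elif expected in host:
            findings.append("host %r only contains %r inside another domain" % (host, expected))
        else:
            findings.append("host %r is not %r" % (host, expected))

    # Sign 3: a padlock is real, but it certifies the host actually connected to.
    if parts.scheme.lower() == "https" and findings:
        findings.append("the secure-connection indicator vouches only for %r" % host)
    return findings


if __name__ == "__main__":
    # Constructed sample location-line values using the hosts named in the deck.
    samples = [
        ("http://www.attacker.org/http://home.netscape.com", "home.netscape.com"),
        ("https://home.netscape.com/login", "home.netscape.com"),
        ("http://MICR0SOFT.COM/", "microsoft.com"),
        ("https://home.netscape.com.attacker.org/", "home.netscape.com"),
    ]
    for url, expected in samples:
        print(url, "->", check_location(url, expected) or "OK")
```

Run it directly to see each constructed sample classified. The look-alike check is deliberately narrow: it only normalizes digits, which is the confusion the deck illustrates; a production check would also handle Unicode confusables and registrable-domain boundaries.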

ARE THERE REMEDIES?
Long-term solution:
- We do not know a fully satisfactory long-term solution to this problem.
- Change the browser so the location line will always be visible.
- Improve the secure-connection indicator, e.g. show "Microsoft, Inc" instead of "www.microsoft.com".

PROTECTING YOURSELF AGAINST E-MAIL OR ONLINE FRAUD
- Don't take anything for granted.
- Do not click on links you receive in an e-mail message asking for sensitive personal, financial or account information.
- Call the company directly to confirm requests for updating or verifying personal or account information.
- Do not share your IDs or pass codes with anyone.
- Look for secure connections on Web sites.
- Always sign off Web sites or secure areas of Web sites.
- When your computer is not in use, shut it down or disconnect it from the Internet.

WEB SPOOFING: AN INTERNET CON GAME