computer communication report

Computer Communication, Wireless and Mobile Communications and Information Theory and Coding

Project report

DETECTING AND PREVENTING IP SPOOFED ATTACK BY MARKING BASED DETECTION

Under the Guidance of Prof. Subhashini, Prof. NagaJayanthi and Prof. Revathi

BY R. Naresh Kumar, P. Varun Varma, P. Vishnu Vardhan, P. Surya Abhilash

Upload: varun-varma

Post on 17-Jul-2016



ABSTRACT:


IP spoofing is the creation of IP packets with a forged source IP address in order to impersonate another computing system. IP spoofing is the action of masking a computer's IP address so that it looks authentic. In IP spoofing, IP headers are masked through a form of Transmission Control Protocol (TCP) in which spoofers discover and then manipulate vital information contained in the IP header, such as the IP address and the source and destination information. IP spoofing is mostly used in Denial-of-Service attacks. In this kind of attack, the attacker's goal is to flood the victim with overwhelming amounts of traffic, and the attacker does not care about receiving responses to the attack packets. Spoofed packets have additional advantages for the attacker: they are more difficult to filter, since each spoofed packet appears to come from a different address, and they hide the true source of the attack. IP spoofing is most effective where a trusted relationship exists between machines. There are various techniques to detect IP spoofing. The present work is about detecting the spoofed packets coming from the attacker and preventing them. The technique used for detecting and preventing IP spoofing is MARKING BASED DETECTION. Backscattering is a technique used to observe denial-of-service attack activity in the Internet. The present work discusses the various stages involved and its effective use in detecting spoofed packets.

Introduction:

Communication between systems in a wireless local area network has been in great demand over the past few years, since the evolution of wireless data transfer. The requirements for high-speed data and improved quality of service have been increasing to meet people's demand. Initially, wireless communication systems were designed to meet the needs of mobile subscribers, and later evolved into advanced systems comprising computers etc. Communication between computers became possible with the introduction of the Internet Protocol, the principal communication protocol responsible for inter-networking and for establishing the Internet. With the increase in demand, the capacity of the channels has been increased by introducing different multiplexing schemes such as TDMA, FDMA, SDMA etc., in which the user is allocated channels in the broadband, wideband or ultra-wideband spectrum depending on the data rate he or she requires.

With the increase in users who want wireless networks, security concerns have also been rising dramatically. Hence the need for authentication has been given prime importance in any wireless network and is regarded as an important aspect in determining the Quality of Service of a network. In most wireless mobile communication, the information can be tapped between the transmitter and the receiver, and hence information can be secured by using spread spectrum technologies and several other techniques. But, unlike mobile communications, inter-networking has several security concerns such as hacking, IP spoofing etc., which occur at the source, at either the transmitter or the receiver.

Attacks like IP spoofing are inherent in the Internet Protocol due to the improper design of IPv4. Our main aim in this project is to isolate the denial-of-service attack, which is an application of IP spoofing.

Expected outcome:

An efficient algorithm which can detect the spoofed packets and prevent them from entering the network, thereby protecting the trusted user from Denial-of-Service.

PROCEDURE:


The procedure or algorithm proposed is 'Back MARKING Based Detection', which is effective in detecting and preventing IP spoofed packets. In a DDoS attack, the attacker's main aim is to flood the target with heavy traffic by sending a huge number of packets, so that the server responds and believes that these packets originated from the source IP address with which they are spoofed. So if the server fails to detect that these packets have been spoofed, it sends its packets to the source, where it (Target) is not going to respond at all, ultimately resulting in Denial of Service. So, in order to prevent IP spoofing, the main requirement is to detect these spoofed packets at the point where the server is located.

The Various steps on which the entire MARKING Based Detection works are

(1). Learning Phase

(2). DataBase Construction

(3). Normal Filtering Procedure

(4). Route Change Consideration

To distinguish the spoofed packets, the firewall needs to keep a record of the genuine markings. In the Learning Phase, a particular period of time is fixed in which no attacks will happen.

In the Database Construction phase, the firewall is ready to build the Database with genuine and unique markings. In this process, the packet coming from the user contains an IP header where the source and destination addresses are stored. As soon as the IP packet leaves the source, it passes through many routers on its way to the destination. At each router, an XOR operation is done with the router address and the IP address, and the result is stored as a temporary marking. At the next routers, the temporary marking is replaced by the newly calculated marking. When the packet reaches the server, the marking is stored against the source IP address in the Database.

After the Database is created, the firewall begins to perform its Normal Filtering Procedure. A packet from an IP address recorded in the Database is accepted if it has a consistent and matching marking; otherwise it is dropped and we say the corresponding IP packet has been spoofed. This is how the detection and prevention of IP spoofing is done.

The Route Change Consideration is a special case. Though routes on the Internet are relatively stable, they are not invariable. Once the route between two hosts has changed, the packet received by the destination will have a marking different from the one stored in the Filter Table, so it may be dropped according to the basic filtering scheme. Taking route changes into consideration, we introduce another counter called SMC, to count the number of mismatching packets for any IP address A. When the value of SMC for A reaches a threshold, the entry (A, Marking A) is copied to the Check List to test whether the route from this source has changed, and the SMC for A is reset to zero. If the new marking is verified by the Check List verification process, the marking for this IP address is updated in the Filter Table. Otherwise, the original marking is preserved. Unless the route change has been verified, the original marking is still used to filter packets.
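The four phases above, sketched as an added Python example that is not part of the original report. It assumes the marking is cumulative (the source address XORed with every router address on the path) and a threshold of 3; the class, function and parameter names are hypothetical and the addresses are constructed.

```python
import ipaddress

def ip(addr):
    return int(ipaddress.IPv4Address(addr))

def mark(src, path):
    """Assumed marking: start from the source IP, XOR in each router address."""
    m = ip(src)
    for router in path:
        m ^= ip(router)  # each hop replaces the temporary marking
    return m

class MarkingFilter:
    def __init__(self, smc_threshold=3):  # threshold value is an assumption
        self.table = {}       # Database / Filter Table: source IP -> marking
        self.smc = {}         # SMC: mismatch counter per source IP
        self.check_list = {}  # source IP -> marking awaiting verification
        self.threshold = smc_threshold

    def learn(self, src, marking):
        """Learning phase: no attacks happen, so the marking is recorded."""
        self.table[src] = marking

    def filter(self, src, marking):
        if src not in self.table:
            return "unknown"  # the page does not define this case
        if marking == self.table[src]:
            return "accept"
        self.smc[src] = self.smc.get(src, 0) + 1
        if self.smc[src] >= self.threshold:
            self.check_list[src] = marking  # candidate for a changed route
            self.smc[src] = 0
        return "drop"  # original marking keeps filtering until verified

    def verify(self, src, echo_reply_matches):
        """Check List outcome: update the marking only if verification succeeds."""
        candidate = self.check_list.pop(src, None)
        if candidate is not None and echo_reply_matches:
            self.table[src] = candidate

if __name__ == "__main__":
    # Constructed sample data (documentation address ranges).
    host, route = "192.0.2.10", ["198.51.100.1", "198.51.100.2", "203.0.113.1"]
    fw = MarkingFilter()
    fw.learn(host, mark(host, route))
    print(fw.filter(host, mark(host, route)))  # packet over the learned route
    print(fw.filter(host, mark(host, ["198.51.100.9", "203.0.113.1"])))  # spoofed
```

The `verify` step takes the outcome of the Check List verification as a boolean, so the sketch covers the table update but not how that verification is carried out.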

Future work:

1. Transmitting echo messages:

• To verify the markings in the Check-List, a random echo message is sent periodically to the source address for each (IP-address, Marking) pair in the Check-List, and a counter is used to record the number of echo messages that have been sent for it.

• To avoid the reply being imitated by the attacker, the content of the echo message is recorded in the Check-List and compared with the content of the reply received. On receiving an echo reply from the source, the marking can be verified and the (IP-address, Marking) pair is moved to the Database; otherwise, it indicates that the previously received packet was spoofed, and this pair is deleted from the Check List.


• If the counter in the Check List shows that more than d (= 10) echo messages have been sent to an IP address x, then the entry for this IP address is removed from the Check List.

• In this situation, the source IP must be either non-existent or inactive, so the packets received with this source address are coming from the attacker and need to be rejected.

2. Provision for authentication:

Computing the XOR of each router's address with the address present in the data header increases the computation to a huge extent and also increases the delay. To avoid it, a provision for authentication can be provided to the receiver system. Providing authentication for both the sender and the receiver increases security and can also be used to prevent the attacker from entering the network unless he gets hold of the username and password used for authentication.

3. Use of other mathematical functions for Marking:

We used a simple XOR operation for marking the IP packets at each and every router. Instead, a cyclic left shift followed by XOR, or any other more complex mathematical operation, can be performed on the IP address to avoid packet sniffing once all the addresses of the routers are known to the spoofer. This increases the complexity.

RESULT: