At this point, we have a really clear map of the network, active machines, type of machines, and potential vulnerabilities. Now it is just a matter of
the operating system, version, and open ports, you look up known vulnerabilities in a database or on the Internet and go after those first. Exploiting systems is what this book is about. So as we go through this book, covering each exploit and how it works, remember this section and how it fits into the big picture.
Summary
This chapter laid the groundwork for the steps an attacker would take to plan an attack. It also gave a roadmap for the rest of this book.
Everything else that we cover fits into this picture. It is always important to remember that the sooner you can stop someone by limiting the information they gain or the sooner you can detect someone trying to get into your system, the more secure your network will be. The other key point is that even though what we covered in this chapter seems very straightforward, if you run it against another network without permission, it could be perceived as an offensive action against the site, and it could get you in a lot of trouble. From a security perspective, you should definitely run these steps against your own site, so you can better understand what information an attacker could gather. After you know this information, you will have a better idea of what things in your company need to be fixed and their priority.
Chapter 4. Spoofing
As I watch the opening scene of the movie Mission: Impossible 2 (M:I2), I am amazed as a person who I think is Tom Cruise gases everyone in the airplane and takes the test tubes from the scientist who is sitting next to him. How could this be? I thought Ethan (the character Tom Cruise plays) was a good guy. Then, as he walks through the plane, much to everyone’s astonishment, he peels off the fake face he is wearing and reveals the true person. It’s not really Ethan, but someone who is impersonating him. This has nothing to do with computers, but this is a form of spoofing. By wearing a mask, the person I thought was Tom Cruise was able to deceive or spoof the scientist into believing that he was someone else. From a hacking standpoint, there are many reasons someone would want to do this.
As we will cover in this chapter, there are various types of spoofing, each with various levels of difficulty. In its most basic form, an attacker alters his identity so that someone thinks he is someone else. This can be as easy as changing his IP address or as deceptive as impersonating the president of your company with email. The bottom line is he is altering his identity to be someone or something that he is not.
Most of this chapter will cover computer-based spoofing attacks such as IP spoofing, but because non-computer-based techniques can be just as effective, they are also covered at the end of the chapter. Remember that it does not matter how an attacker can compromise your network, just whether he can be successful. This chapter will make sure that your company is prepared to defend against any type of spoofing attack.
Why Spoof?
As in the preceding example, if an attacker can convince a computer or a network that he is someone else (a trusted party), he can probably access information he normally could not get. For example, if you trust John but you do not trust Joe, and Joe can spoof his identity to appear to be John, you will trust Joe (because you think he is John); and Joe can get the access he wants.
When engineers design networks, they often set up access permissions and trusts based on information like IP addresses. It is critical that you understand how easy it is to spoof such information, so that you can design better security models for your computer networks. Only by understanding the current limitations can you move forward and build networks that are less prone to attacks.
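The John and Joe scenario above, as an added example that is not from the book: an access check that trusts a claimed source address, beside one that requires proof of a key. The HMAC scheme, the addresses (documentation range), the key, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data: documentation-range address, hypothetical demo key.
TRUSTED_ADDRS = {"192.0.2.10"}                   # John's workstation
SHARED_KEYS = {"john": b"constructed-demo-key"}  # provisioned out of band


def address_based_check(request):
    """Weak model: trust whatever source address the request claims."""
    return request["src_addr"] in TRUSTED_ADDRS


def sign(user, body, key):
    """Tag a legitimate client attaches: HMAC-SHA256 over user and body."""
    msg = user.encode() + b"\x00" + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def key_based_check(request):
    """Stronger model: the sender must prove knowledge of the user's key."""
    key = SHARED_KEYS.get(request["user"])
    if key is None:
        return False
    expected = sign(request["user"], request["body"], key)
    # Constant-time comparison of the expected and presented tags.
    return hmac.compare_digest(expected, request.get("tag", ""))


def demo():
    body = b"read payroll.txt"
    john = {"src_addr": "192.0.2.10", "user": "john", "body": body,
            "tag": sign("john", body, SHARED_KEYS["john"])}
    # Joe claims John's address and name but does not hold John's key.
    joe = {"src_addr": "192.0.2.10", "user": "john", "body": body,
           "tag": sign("john", body, b"joes-guess")}
    return {
        "address_john": address_based_check(john),
        "address_joe": address_based_check(joe),  # impersonation accepted
        "key_john": key_based_check(john),
        "key_joe": key_based_check(joe),          # impersonation rejected
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(name, allowed)
```

The address-based check cannot tell the two requests apart because both carry the same claimed identity; only the check that depends on a secret Joe does not hold separates them.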
Types of Spoofing
There are four types of spoofing that will be covered in this chapter. Here is a brief explanation of each:
• IP spoofing. An attacker uses an IP address of another computer to acquire information or gain access.
• Email spoofing. Involves spoofing from the address of an email. In essence, the email looks like it came from Eric, but in reality, Eric did not send the email. Someone who was impersonating Eric sent it.
• Web spoofing. The World Wide Web is being used for more and more e-commerce. To use the web for e-commerce, people have to be identified and authenticated so that they can be trusted. Whenever an entity has to be trusted, the opportunity for spoofing arises.
• Non-technical spoofing. These types of attacks concentrate on compromising the human element of a company. This is done through social engineering techniques.