SoFunction
Updated on 2025-04-11

Introduction to IP Spoof Technology (IP spoofing)

Part One
1. What is IP spoof?
IP spoof is short for IP address spoofing: a host sends packets whose source IP address is that of another host, so that to other devices it appears to be communicating as that host, in order to achieve some purpose.
Can spoofing actually be done?
Yes. As early as 1985, Robert Morris of Bell Labs described the idea in his paper "A Weakness in the 4.2BSD Unix TCP/IP Software". Interested readers can refer to the original text:
/~emv/tubed/archives/Morris_weakness_in_TCPIP.txt  
Note, however, that IP spoofing on its own is not enough to complete an attack: as it exists today it is a "blind" method of intrusion, and what "blind" means is explained below.
The principle of IP spoofing
IP is a connectionless network-layer protocol. An IP packet consists essentially of a source address, a destination address and the data being carried.
IP's job is to route each packet from the source to the destination based solely on the packet's destination address; whether the packet is lost or corrupted on the way
is not IP's concern. As far as IP is concerned, the source device and the destination device have nothing to do with each other; they are independent. Because a packet is forwarded purely on its destination address, and nothing in IP verifies the source address, an application built on a higher-level protocol can fill in whatever source address it likes. Forging IP addresses is therefore comparatively easy.
TCP, on the other hand, is a connection-oriented protocol that guarantees reliable, in-order delivery of data between two communicating devices. It requires the "consent" of both parties before communication can take place. Every byte that either side transmits carries a sequence number (SEQ), and the sender expects the receiver to generate an acknowledgement (ACK) for it.
The acknowledgement does two things: it tells the sender that the data was received successfully, and it tells the sender the sequence number of the next byte the receiver expects. In addition, before any two devices can establish a TCP connection they must go through an initial mutual confirmation, called the three-way handshake, which breaks down as follows:

Step 1: The requesting party sends a SYN to the serving party, indicating that it wants to open a TCP connection. Assume its sequence number is some value X.
Trust -> Target  
SYN  
SEQ:X  
Step 2: The serving party generates a SYN and an ACK in response and sends them to the requesting party.
The ACK value is X+1, indicating that the data was received successfully and that the next SEQ it expects to receive is X+1. At the same time the serving party sends its own SEQ to the requesting party;
assume this sequence number is some value Y.
Target -> Trust  
SYN,ACK  
SEQ:Y  
ACK:X+1  
Step 3: The requesting party sends an ACK to the serving party, confirming that it has received the reply. This time its SEQ is X+1 and its ACK is Y+1, following the same rule as above.
Trust -> Target  
ACK  
SEQ:X+1  
ACK:Y+1  
Once this step is complete, the connection between the requesting party and the serving party is open and data can be transmitted.
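The handshake above and the IP layer's indifference to the source address (the point of the preceding section on IP) can be seen together in a small simulation. This is an added example and not code from the original article; the host names, addresses, initial sequence numbers and the attacker's guesses are all constructed for the demonstration. A Network object forwards each segment on its destination address only, exactly as IP does, so an attacker can inject a segment whose source field is Trust's address. The SYN,ACK that Target generates is then delivered to the real Trust host, never to the attacker, and the attacker has to finish the handshake with a value for Y+1 it has not seen.

```python
"""Simulation of the TCP three-way handshake over an IP layer that routes on the
destination address only. Constructed example for this article; hosts, addresses
and initial sequence numbers are assumed values, not real systems."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Segment:
    """Minimal IP+TCP packet: IP contributes only src/dst, TCP the flags and numbers."""
    src: str
    dst: str
    flags: str          # "SYN", "SYN,ACK" or "ACK"
    seq: int
    ack: Optional[int] = None


class Network:
    """The IP layer as the article describes it: forwards on dst, never checks src."""

    def __init__(self) -> None:
        self.hosts: Dict[str, "Host"] = {}
        self.log: List[Segment] = []     # every segment that crossed the network, in order

    def send(self, seg: Segment) -> None:
        self.log.append(seg)
        host = self.hosts.get(seg.dst)
        if host is not None:             # packets to unknown destinations are simply dropped
            host.receive(seg)


class Host:
    """A TCP endpoint; isn is its initial sequence number (X for Trust, Y for Target)."""

    def __init__(self, addr: str, net: Network, isn: int) -> None:
        self.addr, self.net, self.isn = addr, net, isn
        self.connecting: Dict[str, int] = {}   # peer -> ACK value we await (X+1)
        self.half_open: Dict[str, int] = {}    # peer -> ACK value we await (Y+1)
        self.established: List[str] = []
        net.hosts[addr] = self

    def connect(self, peer: str) -> None:
        # Step 1: SYN with SEQ = X
        self.connecting[peer] = self.isn + 1
        self.net.send(Segment(self.addr, peer, "SYN", self.isn))

    def receive(self, seg: Segment) -> None:
        if seg.flags == "SYN":
            # Step 2: SYN,ACK with SEQ = Y and ACK = X+1; remember that we now await Y+1
            self.half_open[seg.src] = self.isn + 1
            self.net.send(Segment(self.addr, seg.src, "SYN,ACK", self.isn, seg.seq + 1))
        elif seg.flags == "SYN,ACK" and self.connecting.get(seg.src) == seg.ack:
            # Step 3: ACK with SEQ = X+1 and ACK = Y+1; the connection is open on our side
            del self.connecting[seg.src]
            self.established.append(seg.src)
            self.net.send(Segment(self.addr, seg.src, "ACK", seg.ack, seg.seq + 1))
        elif seg.flags == "ACK" and self.half_open.get(seg.src) == seg.ack:
            del self.half_open[seg.src]
            self.established.append(seg.src)
        # Anything else (an unsolicited SYN,ACK, an ACK with the wrong number) is ignored.
        # Real TCP answers an unsolicited SYN,ACK with a RST; that is left out of this model.


def legitimate_handshake(client: Host, server: Host) -> bool:
    """Trust opens a connection to Target with its own address; both sides see every segment."""
    client.connect(server.addr)
    return server.addr in client.established and client.addr in server.established


def spoofed_handshake(net: Network, attacker: str, victim: str, target: Host,
                      guessed_y: int, x: int = 5000) -> dict:
    """An attacker at `attacker` injects segments whose source field is `victim`'s address.
    The IP layer delivers Target's reply to `victim`, so the attacker never sees Y and has
    to finish the handshake with a guessed Y+1."""
    before = len(net.log)
    net.send(Segment(victim, target.addr, "SYN", x))                 # forged source address
    syn_ack = net.log[before + 1]                                     # Target's reply
    net.send(Segment(victim, target.addr, "ACK", x + 1, guessed_y + 1))
    return {
        "syn_ack_went_to": syn_ack.dst,
        "attacker_saw_reply": syn_ack.dst == attacker,
        "established": victim in target.established,
    }


def demo() -> dict:
    """Run the three scenarios on fresh networks and return their outcomes."""
    results = {}
    net = Network()
    trust, target = Host("10.0.0.2", net, isn=1000), Host("10.0.0.1", net, isn=7000)
    results["legit"] = legitimate_handshake(trust, target)

    for name, guess in (("wrong_guess", 4242), ("right_guess", 7000)):
        net = Network()
        Host("10.0.0.2", net, isn=1000)                # the real Trust host, impersonated
        target = Host("10.0.0.1", net, isn=7000)       # Y = 7000, unknown to the attacker
        results[name] = spoofed_handshake(net, "10.0.0.66", "10.0.0.2", target, guess)
    return results


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(scenario, outcome)
```

Running the script shows the legitimate handshake completing, the spoofed SYN,ACK being delivered to 10.0.0.2 rather than to the attacker at 10.0.0.66, and the forged ACK being accepted only when the attacker's guess of Y happens to be right. That dependence on a value the attacker cannot observe is what the article's "blind" intrusion refers to.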