Ann Mary Jacob, Saritha S
Abstract: Cyber crimes are becoming increasingly sophisticated and have increasingly severe economic impacts. Attacker goals can be divided into four main classes: interruption, interception, modification and fabrication. Based on these goals there are two main types of attack: active attacks and passive attacks. Active attacks are those in which the attacker can modify information, interrupt services and aim to gain unauthorized access to network systems. During a passive attack, the attacker simply monitors the transmission between the two parties and captures the information that is sent and received. For this, many traditional network devices such as Intrusion Detection Systems (IDS), firewalls and security scanners are available. However, these techniques are not able to detect IP spoofing attacks. Moreover, spoofing attacks are man-in-the-middle attacks. Hence there should be some mechanism by which such attacks can be detected. In this paper we make a comparative study of various mechanisms by which IP spoofing attacks can be detected and describe the different techniques available to prevent them. First, a penetration test method is presented that detects IP spoofing through design flaws. The second paper, Defense Against Spoofed IP Traffic Using Hop-Count Filtering, describes how IP spoofing can be detected using the hop count value. The third paper studied, A Protection Method against Unauthorized Access and Address Spoofing for Open Network Access Systems, proposes a system for IP spoofing detection. Finally, a comparison of these three methods has been made. The fourth paper, Enhanced ARP: Preventing ARP Poisoning-Based Man-in-the-Middle Attacks, defines how to enhance ARP to detect and prevent man-in-the-middle attacks.
Through our study we concluded that the system proposed in A Protection Method against Unauthorized Access and Address Spoofing for Open Network Access Systems is more efficient and less complex than the other two techniques.
Keywords: Destination IP address, Hop count filtering, IP spoofing, Man-in-the-middle attack, Penetration test, Source IP address