|
-
November 25th, 2002, 11:12 PM
#1
Member
IP Spoofing
Is there any known IP spoofer that will allow a hacker or user to specify what their spoofed address will be??? Thanks.
The End Justifies The Means...
-
November 25th, 2002, 11:17 PM
#2
Member
brandon64_99, back up your question. Why do you want to know this? BTW, you will be negged ,just to warn you. Go read the faqs
-http://www.antionline.com/misc.php?action=faq
I read somewhere you shouldn\'t always believe what you read so what the Hell am I supposed to do?
-
November 25th, 2002, 11:35 PM
#3
http://www.antionline.com/showthread...hreadid=113143
To get you started, try the above post.
after all you didn't ask how to abuse it, so go ... learn ... be good :-)
-
November 25th, 2002, 11:38 PM
#4
IP spoofers arent in the frequently asked questions, but to try and help him because HFS is impossible sometimes, ok http://www.google.com (im not saying go look here because i dont wanna help him im just saying because i dont have any particular sites that could help him at the moment. in the google search (hey might even try yahoo, lol) search for IP spoofing and do another search in another window (so you can keep looking in the first) for IP spoofers as in looking for the tools, sorry i cant help more but IP spoofing is one thing im not to great at right now (im still learning ok! lol ) and im sure the other members will help you out, just gotta ask the right way, and as for HFS telling him he will be negged, how do you know he isnt doing this because he was attacked and is curiouse? well anyway guys hope you learn=)
-
November 25th, 2002, 11:40 PM
#5
Member
I wasn't assuming he was going to use the info for malicious reasons, but I have asked a question similar to that in my first account that was banned this past summer. I was negged to death just for that post. I just wanted to warn him that the same thing may happen. Good luck on your research!
I read somewhere you shouldn\'t always believe what you read so what the Hell am I supposed to do?
-
November 25th, 2002, 11:41 PM
#6
Brandon, I have no idea what your intentions are in relation to your IP Spoofing question.
Hopefully they are good as I don't enjoy being an accessory to any malicious behavior. Here's a site to check out that offers some limited information on IP Spoofing.
http://www.iss.net/security_center/a...ng/default.htm
Also, be careful when you post a thread like this, people tend to negate it because here at AO, posting redundant topics is not taken lightly.(I've gotten blasted a few times for doing just such a deed)
The object of war is not to die for your country but to make the other bastard die for his - George Patton
-
November 25th, 2002, 11:55 PM
#7
First check the posts listed at the bottom of your own thread. Keep in mind the point and click spoofs were delt with long ago most if not all firewalls pick off spoofed IP as well as routers. So now days spoof it your like a knight in shinning armor, a lighthouse, a beacon in the night upon the web, and that is after you get past your ISP LOL. In short want to stand out spoof whom you are on your ISP's network, need a clear understanding beyond point and click if TCP/IP stacks. Good luck and oh check the software archive here dah! Pesky lazy kid research it here ton's of info. New to you does not mean unknown?
I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg 
-
November 26th, 2002, 11:09 PM
#8
Member
Spoofing
The reason for this question, is the fact that im interested in learning about IP spoofers. Example: If a student wishes to gain access to a adminstrative backbone from a curriculum backbone, what would this hacker have to do? Well, lets say a standard ACL was implemented between the two backbones to prevent a range of addresses on the Cbackbone from communicating to the admin backbone. Well if one could spoof their address exactly to be a 'trusted' host, they would have the ability to gain access to the admin backbone. How could we prevent this from happening? I dont even understand this concept very well, the concept within LANS or the concept of spoofing addresses on the internet. if one was to spoof their address from a private LAN, from 10.120.5.6 to 10.120.?.?, how would the gateway translate this? Wouldn't one have to spoof the gateway address for complete stealth?
Thanks
Those links explained alot, thanks guys!
The End Justifies The Means...
-
November 27th, 2002, 02:26 PM
#9
Brandon: You don't really need to worry about spoofed IP's as long as your students have no knowledge of what is on the Admin network. If they instigated a portscan to try to enumerate the resources on the admin lan with spoofed source addresses they will get no replies. It's just like you sending a letter to your mother and putting the wrong return address on it. Her reply will go to someone elses house.
Of course if the ACL's you mention are not in place and the router routes traffic from curriculum to admin then a simple portscan would be enough to enumerate the network. Additionally if the ACL's are not currently in place and someone has enumerated the network previously then you still have a probem with spoofed addresses after implimenting the ACL's. There are certain things you can do to carry out a blind attack if you know certain exploitable services are available at a given address. You don't need to see replies you just fire away with the exploit. The spoofed address will pass the ACL and reach the destination machine. Once the attack is complete then the server may have a "phone home" program installed that will pass the ACL as well back to the curriculum lan.
Do you need access across the two networks is the first question I would ask? If you do then exactly what access do you need and why? (the why is pertinent since if it is only for convenience then you need to weigh the inconvenience of your inability to connect through against the inconvenience and embarrassment of being compromised by a student..... :)
You may want to firewall the two networks and only allow access from certain machines through to the admin side and put strong authentication on any connection made. I would also set pretty strict egress filters on the firewall too - never can be too sure.....
Also - assuming there should never be _any_ access other than your own from the curriculum lan to the admin set up a Snort box, (www.snort.org) on the admin side and write rules to alert on any traffic from the curriculum lan. Set the $HOME_NET to xxx.xxx.xxx.0/24, (Admin Lan), and the $EXTERNAL_NET to !HOME_NET, (Anything other than admin lan), in the snort.cfg file. The rules would look like this:-
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Curriculum LAN TCP Access Attempt"; classtype: bad-unknown;)
alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"Curriculum LAN UDP Access Attempt"; classtype: bad-unknown;)
You could limit your alerts by using the rule below to only capture the initial SYN packet:-
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Curriculum LAN TCP Access Attempt"; Flags: S; classtype: bad-unknown;)
That config will alert you to every common connection from any IP other than your admin lan even if the IP's were spoofed. Then sit back and wait.....
Hope this helps
Don\'t SYN us.... We\'ll SYN you..... 
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
November 27th, 2002, 06:09 PM
#10
yeah, I\'m gonna need that by friday...
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
