January 21st, 2003, 12:21 AM
Email Forgery and IP Spoofing
I'm attempting to write a tutorial on email forgery and detection. I've got the basic stuff done, but I was wondering if it is possible to spoof your IP address when sending an email, so that the mail server thinks the email is being sent from another computer. The reason I was thinking about this was because when you connect to port 25 of a mail server using SMTP you issue a whole bunch of commands to the server, but while the server's responses are useful, they aren't vital to the process. Theoretically (well, to me anyway) you could craft packets such that the mail server sends the responses to another IP address, while it's actually you who's sending the email. The advantages of this would be that in the 'Received' headers your actual IP address will not appear, and also when a mail server is configured to only allow certain IP addresses to send email, you could spoof one of these addresses and send email from that mail server.
Of course, this may not be possible at all due to something I've overlooked. If someone could help me out with this, it would be greatly appreciated.
January 21st, 2003, 12:25 AM
Yes you can. Actually my ISP has an option (if you ask them) to make you browse (or send e-mails) with a different IP address and have another option you can choose to browse (or send e-mails) hiding your IP address too.
January 21st, 2003, 12:35 AM
Thanks for that confirmation -DaRK-RaiDeR-
Secondly... Does anyone know of an IP spoofer that I could use to do this under win9x? I'm certain there are tools that you can use to do this under Linux, but I'm looking specifically for a tool that works for win95/98/ME. All it needs to be able to do is spoof the IP address on outbound packets.
Any more help/input would be greatly appreciated.
January 21st, 2003, 12:46 AM
Rafale X from Pack X is a handy lil program for packet building/spoofing on Windows systems.
January 21st, 2003, 01:29 AM
I just checked out that link, and looked at Rafale X. Just checking the description (cursed with a small bandwidth, I don't download unless I'm sure about something's use, or wait till I'm at school). I saw the packet building side of the program, but nowhere did they mention spoofing, that I saw.
Are you sure?
January 21st, 2003, 02:01 AM
By the nature of 9x I really don't think it's very possible. It would work better with a system with raw sockets.
Although most mail servers I've seen have the option to verify the sender's domain name against the IP, spoofing would certainly defeat this feature without a firewall that detects spoofing.
January 21st, 2003, 02:04 AM
mobius: I have the program on my laptop and desktop and it has a source IP field.. I suppose I could test it to be completely sure.. I don't normally spoof
January 21st, 2003, 02:27 AM
Am still yet to check out the program (can't do it from where I am now), but since it is a packet crafting program, it can be used to spoof your IP address (since the packet contains that information).
Originally posted here by ^Mobius^
I saw the packet building side of the program, but nowhere did they mention spoofing, that I saw.
Are you sure?
February 5th, 2003, 07:03 AM
I have cable internet and I can change my IP to any other IP in my IP range except for XXX.XXX.XXX.1 and XXX.XXX.XXX.255. I did this by going to the control panel, selecting Network Connections, then selecting and configuring the properties and selecting the following options: "Use the following IP address" and "Use the following DNS server addresses". To get the info for the required fields, go to your command prompt and type ipconfig/all and all the info you need will be displayed. From there you can modify any of the last digits of your IP address to the one you want, ping it to make sure it times out and is usable, and then enter it as your IP address in the Properties window. Hope I helped.
February 5th, 2003, 01:32 PM
A lot depends upon the receiving server and how it is configured. The biggest problem you will have is that of mail relay. Mail servers (well... good ones...) allow the admin to delineate the addresses it will accept SMTP connections from to prevent spammers from hijacking the server for their "business". For example, I have a mailserver where the address block 192.168.0.0/16 is considered "local". The server will accept an SMTP connection from any address in that block and forward the mail on to the appropriate recipient's mailserver. If you try to send a mail from your IP, say 126.96.36.199, to an address that is not in my domain, you will receive a message saying that relay through this server is not allowed and your connection will be terminated.
Additionally, there are public servers across the internet that do not list the IP address of the sending station in the headers. I've seen this in mail headers but I can't remember where to find these servers 'cos it wasn't of any great import to me.
You could also use anonymizer to send and receive mail.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
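The relay rule described in the post above, written out as an added example (not code from the thread or from any particular mail server). Only the 192.168.0.0/16 block comes from the post; the hosted domain `example.org`, the function names, the reply texts and the sample addresses are assumptions made for illustration. The decision uses the TCP peer address and the recipient domain only; the HELO name and MAIL FROM value are client-supplied and are deliberately ignored.

```python
import ipaddress

# Policy values: the /16 block is the one named in the post; the domain is hypothetical.
LOCAL_NETWORKS = [ipaddress.ip_network("192.168.0.0/16")]
LOCAL_DOMAINS = {"example.org"}


def is_local_client(peer_ip):
    """True if the connection's peer address falls inside a trusted block."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # unparsable peer address is never trusted
    return any(addr in net for net in LOCAL_NETWORKS)


def recipient_domain(rcpt_to):
    """Extract the lower-cased domain from a RCPT TO argument, or None if malformed."""
    address = rcpt_to.strip().strip("<>")
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower().rstrip(".")


def relay_decision(peer_ip, helo_name, mail_from, rcpt_to):
    """Return (SMTP reply code, text) for one RCPT TO command.

    helo_name and mail_from are accepted only to show that they play no
    part in the decision: both are whatever the client chose to type.
    """
    domain = recipient_domain(rcpt_to)
    if domain is None:
        return 501, "Syntax error in recipient address"
    if domain in LOCAL_DOMAINS:
        return 250, "OK (local delivery)"      # inbound mail for a hosted domain
    if is_local_client(peer_ip):
        return 250, "OK (relay for local client)"
    return 550, "Relaying denied"


if __name__ == "__main__":
    # Constructed sample sessions: (peer IP, HELO, MAIL FROM, RCPT TO)
    samples = [
        ("192.168.4.20", "pc1", "<a@example.org>", "<bob@example.net>"),
        ("203.0.113.7", "mail.example.org", "<boss@example.org>", "<bob@example.net>"),
        ("203.0.113.7", "host", "<x@example.com>", "<alice@EXAMPLE.ORG>"),
    ]
    for s in samples:
        print(s[0], s[3], "->", relay_decision(*s))
```

The second sample claims a local HELO name and sender address from an outside peer and is still refused, since neither value is consulted.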