Ip spoofing
Page 1 of 4 123 ... LastLast
Results 1 to 10 of 40

Thread: Ip spoofing

  1. #1
    Junior Member
    Join Date
    Nov 2003
    Posts
    6

    Ip spoofing

    "Sometime on Wednesday evening someone 'spoofing' my IP address went into Wild =SOD='s Webserver and deleted all of his files. As a result my main ISP account has been suspended

    does this sound plausible -- i thought that maybe that this person was guilty but thought id check it out

  2. #2
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I don't know about spoofing the ip address, but they could have taken control of the computer and used it to attack the web server and delete the files. Why do you ask?

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Possible to carry out the entire attack on a spoofed IP? Yes.

    Probable.... Not really.....

    I would suggest you take a close look at your box and it's security.... You were probably used as a "proxy"/"zombie".

    Since your ISP has seen the logs of the attack taking place from your IP ask them for a log of all incoming connections to your IP at that time...... If there are incoming connections to your machine during the attack period you have grounds to have them reinstate your connection - if you fix your machine and it's security. If they have no logs - Change ISP anyway.... If they refuse - change ISP anyway.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  4. #4
    Junior Member
    Join Date
    Nov 2003
    Posts
    6
    this fella insists that he is innocent although several think he is not -- it has actually become an interesting read -- the person in question noted that he was spoofed and that he had nothing to do with it although the logs of the server show that his ip number was systematically deleted accept for one (a hidden log) My question to him was if the hacker spoofed his ip why would he bother erasing the tracks -- it wouldnt belong to him anyway. this person refused to answer the question so i thought id get another persons perspective

    thank you for your time I can link the site where this is going on if youd like to read

  5. #5
    Senior Member
    Join Date
    Jun 2003
    Posts
    236
    Yes it is totally plausible, if the circumstances for deleting the files did not require your ip to receive any information back. It would be a little difficult but if the server was configured improperly and sequence numbers could be determined then it could be done.

    Or you could have been compromised by the attacker and he did everything from your computer. You dont have a proxy running right?

    And if I did hack from a compromised machine I would still try to delete all your logs just in case the 'compromised computer' had logs and eventually you could get back to me. Erasing logs is mandatory for any good hacker to prevent any kind of back tracing wether you came from another computer or one at the public library.
    That which does not kill me makes me stronger -- Friedrich Nietzche

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Just because the "attacker" deleted the server logs from a machine he uses as a zombie doesn't mean crap. If you spent the time to build something you aren't going to risk it being torn down willy-nilly... You want it to stay.... so you delete logs so you can use the resource again.....

    As far as this being a spoofed attack..... NOT.... He deleted multiple logs with no feedback and only missed the "hidden" one.... Nope.... He had feedback.... The "attacking" machine is compromised..... If it isn't..... You'll never catch the guy..... He is Uber L33t but he never types that way.....

    The computer owner is innocent.... He's hacked and he doesn't know it..... But he's innocent.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  7. #7
    Junior Member
    Join Date
    Nov 2003
    Posts
    6
    so it wouldnt really matter then that they deleted it -- that wouldnt suggest a guilty conscious on the part of the person suggesting he did not actually hack the site and that instead his ip was spoofed

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    If he is guilty then he should quit "whining"...

    If his IP address is all over the log files he may, quite probably be innocent..... The percentage of his innocence, worldwide, is higher than his pergentage of being guilty.... But his IP is on the log files and he can do little to prove his innocence....

    My honest suggestion to him, since he doesn't seem to know what he is doing...... Reformat the whole system, (ok.. have someone competent do it for him....), reinstall and find a new ISP _after_ he has put appropriate security devices/software in place.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  9. #9
    Junior Member
    Join Date
    Nov 2003
    Posts
    3

    Question spoofing ip and right pw 1st time

    Hi all,

    I Thank Hydro for his post and intrest in this matter too

    As Hydro said this person said his ip was spoofed ??
    After i receaved a complete log from my Hosting company I reporting this ip to there ISP

    Since then this person i has now claimed his ip address has been spoofed ??

    Ok say this person was spoofed whats the chance of them find the right User name and Password the 1st attempt to enter my site to start deleting files ??

    Also can this spoofing use a FTP program to delete these files with out the real ip address showing its self on the main log as this person did use a FTP program to delete all these files
    according to this log.

    So whats the chance of all this in a 18 minutes i must add.

    Would be very greatfull for any help on matter

    Wild.

  10. #10
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    I think you are confusing what spoofing really is...

    spoof Last modified: Tuesday, February 25, 2003

    (v.) To fool. In networking, the term is used to describe a variety of ways in which hardware and software can be fooled. IP spoofing, for example, involves trickery that makes a message appear as if it came from an authorized IP address. Also see e-mail spoofing.
    Source

    As Tiger Shark pointed out, it is possible that his ip was spoofed, but not probable.

    What Tiger Shark is suggesting that this "attacker's" machine was broken into first, and then the real "attacker" then used the supposed "attacker's" machine as a launch pad to cause damage to the other machine.

    If the person was smart enough to kill the logs... then I'd hope they'd also be smart enough not to do it from their own machine.

    In other words, his machine was used as a zombie.

    zombie Last modified: Tuesday, February 05, 2002

    (1) A computer that has been implanted with a daemon that puts it under the control of a malicious hacker without the knowledge of the computer owner.
    Source

    To really find out, you'd need to get a hold of the machine that was used for the attack.
    Then you can perform a forensic analysis and see if that machine had been broken into, has trojans on it, examine logs, etc.

    If this person claims he was spoofed... then he might not even know what it is. I'd be very difficult to "spoof" a whole attack. Not impossible... just highly improbable.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •