-
November 4th, 2003, 11:21 PM
#1
Junior Member
IP spoofing
"Sometime on Wednesday evening someone 'spoofing' my IP address went into Wild =SOD='s Webserver and deleted all of his files. As a result my main ISP account has been suspended."
Does this sound plausible? I thought that maybe this person was guilty but thought I'd check it out.
-
November 4th, 2003, 11:32 PM
#2
I don't know about spoofing the ip address, but they could have taken control of the computer and used it to attack the web server and delete the files. Why do you ask?
-
November 4th, 2003, 11:33 PM
#3
Possible to carry out the entire attack on a spoofed IP? Yes.
Probable.... Not really.....
I would suggest you take a close look at your box and its security.... You were probably used as a "proxy"/"zombie".
Since your ISP has seen the logs of the attack taking place from your IP ask them for a log of all incoming connections to your IP at that time...... If there are incoming connections to your machine during the attack period you have grounds to have them reinstate your connection - if you fix your machine and its security. If they have no logs - Change ISP anyway.... If they refuse - change ISP anyway.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
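The log check suggested in the post above, as an added example that is not part of the original thread: it looks for inbound connections to the suspended address that overlap the connections from that address to the web server. The flow-log format, the addresses (documentation ranges) and the timestamps are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data, not taken from the thread.
SUSPECT_IP = "198.51.100.23"   # subscriber whose account was suspended
VICTIM_IP = "203.0.113.80"     # web server whose files were deleted

# Assumed ISP flow-log format: start_time duration_seconds src_ip dst_ip dst_port
FLOW_LOG = """\
2003-10-29T19:40:02 5400 192.0.2.77 198.51.100.23 1080
2003-10-29T20:01:10 35 198.51.100.23 203.0.113.80 21
2003-10-29T20:03:00 600 198.51.100.23 203.0.113.80 21
2003-10-29T23:15:44 12 192.0.2.9 198.51.100.23 80
"""

def parse_flows(text):
    """Parse the assumed flow-log format into dicts with start/end datetimes."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        start, duration, src, dst, port = line.split()
        t0 = datetime.fromisoformat(start)
        flows.append({
            "start": t0,
            "end": t0 + timedelta(seconds=int(duration)),
            "src": src,
            "dst": dst,
            "port": int(port),
        })
    return flows

def inbound_during_attack(flows, suspect, victim):
    """Return inbound flows to `suspect` that overlap any suspect->victim flow."""
    attack = [f for f in flows if f["src"] == suspect and f["dst"] == victim]
    inbound = [f for f in flows if f["dst"] == suspect]
    return [
        f for f in inbound
        # Two intervals overlap when each one starts before the other ends.
        if any(f["start"] <= a["end"] and a["start"] <= f["end"] for a in attack)
    ]

if __name__ == "__main__":
    for f in inbound_during_attack(parse_flows(FLOW_LOG), SUSPECT_IP, VICTIM_IP):
        print(f"{f['src']} -> {SUSPECT_IP}:{f['port']} "
              f"from {f['start']} to {f['end']} overlaps the attack window")
```

An overlapping inbound session only shows that the machine may have been relaying; confirming it still needs examination of the machine itself.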
-
November 4th, 2003, 11:35 PM
#4
Junior Member
This fella insists that he is innocent although several think he is not -- it has actually become an interesting read -- the person in question noted that he was spoofed and that he had nothing to do with it, although the logs of the server show that his IP number was systematically deleted except for one (a hidden log). My question to him was: if the hacker spoofed his IP, why would he bother erasing the tracks -- it wouldn't belong to him anyway. This person refused to answer the question so I thought I'd get another person's perspective.
Thank you for your time. I can link the site where this is going on if you'd like to read.
-
November 4th, 2003, 11:36 PM
#5
Yes it is totally plausible, if the circumstances for deleting the files did not require your ip to receive any information back. It would be a little difficult but if the server was configured improperly and sequence numbers could be determined then it could be done.
Or you could have been compromised by the attacker and he did everything from your computer. You don't have a proxy running, right?
And if I did hack from a compromised machine I would still try to delete all your logs just in case the 'compromised computer' had logs and eventually you could get back to me. Erasing logs is mandatory for any good hacker to prevent any kind of back tracing whether you came from another computer or one at the public library.
That which does not kill me makes me stronger -- Friedrich Nietzsche
-
November 4th, 2003, 11:53 PM
#6
Just because the "attacker" deleted the server logs from a machine he uses as a zombie doesn't mean crap. If you spent the time to build something you aren't going to risk it being torn down willy-nilly... You want it to stay.... so you delete logs so you can use the resource again.....
As far as this being a spoofed attack..... NOT.... He deleted multiple logs with no feedback and only missed the "hidden" one.... Nope.... He had feedback.... The "attacking" machine is compromised..... If it isn't..... You'll never catch the guy..... He is Uber L33t but he never types that way.....
The computer owner is innocent.... He's hacked and he doesn't know it..... But he's innocent.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
November 5th, 2003, 12:24 AM
#7
Junior Member
So it wouldn't really matter then that they deleted it -- that wouldn't suggest a guilty conscience on the part of the person suggesting he did not actually hack the site and that instead his IP was spoofed.
-
November 5th, 2003, 12:37 AM
#8
If he is guilty then he should quit "whining"...
If his IP address is all over the log files he may, quite probably, be innocent..... The percentage of his innocence, worldwide, is higher than his percentage of being guilty.... But his IP is on the log files and he can do little to prove his innocence....
My honest suggestion to him, since he doesn't seem to know what he is doing...... Reformat the whole system, (ok.. have someone competent do it for him....), reinstall and find a new ISP _after_ he has put appropriate security devices/software in place.....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
November 5th, 2003, 02:53 AM
#9
Junior Member
-
November 5th, 2003, 03:08 AM
#10
I think you are confusing what spoofing really is...
spoof Last modified: Tuesday, February 25, 2003
(v.) To fool. In networking, the term is used to describe a variety of ways in which hardware and software can be fooled. IP spoofing, for example, involves trickery that makes a message appear as if it came from an authorized IP address. Also see e-mail spoofing.
Source
As Tiger Shark pointed out, it is possible that his ip was spoofed, but not probable.
What Tiger Shark is suggesting is that this "attacker's" machine was broken into first, and the real "attacker" then used the supposed "attacker's" machine as a launch pad to cause damage to the other machine.
If the person was smart enough to kill the logs... then I'd hope they'd also be smart enough not to do it from their own machine.
In other words, his machine was used as a zombie.
zombie Last modified: Tuesday, February 05, 2002
(1) A computer that has been implanted with a daemon that puts it under the control of a malicious hacker without the knowledge of the computer owner.
Source
To really find out, you'd need to get a hold of the machine that was used for the attack.
Then you can perform a forensic analysis and see if that machine had been broken into, has trojans on it, examine logs, etc.
If this person claims he was spoofed... then he might not even know what it is. It'd be very difficult to "spoof" a whole attack. Not impossible... just highly improbable.
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.