-
October 11th, 2004, 07:42 PM
#1
packet injection and ip spoofing
OK, so I have been reading up on how IP spoofing works, and they beat the OSI model into college heads these days. What I am wondering is, is there a tutorial out there showing you how to spoof IPs with open source software like nemesis?
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
-
October 11th, 2004, 07:47 PM
#2
Would something like this be helpful? (notice down at the bottom of the discussion).
-
October 11th, 2004, 07:59 PM
#3
Well, I believe that helps quite well. Thank you very much. I understand the injection, but after a packet is injected, how do you make it appear to come from another IP when making an actual TCP connection or over a SYN handshake? This looks like it will clear that up for me.
Thanks again!
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
-
October 11th, 2004, 10:05 PM
#4
Originally posted here by kr5kernel
Well, I believe that helps quite well. Thank you very much. I understand the injection, but after a packet is injected, how do you make it appear to come from another IP when making an actual TCP connection or over a SYN handshake? This looks like it will clear that up for me.
Thanks again!
*once you acquire a firearm, be extra careful that you don't blow away those tiny little toes your mommy loved to kiss when you were a baby*
-
October 12th, 2004, 02:15 PM
#5
Duly noted. Believe you me, there is not a dark bone in my body; we have recently been getting a lot of bad traffic on our network from spoofed IPs. I was curious as to how they were doing it and wanted to see if I could replicate it.
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
-
October 12th, 2004, 02:22 PM
#6
Originally posted here by kr5kernel
Duly noted. Believe you me, there is not a dark bone in my body; we have recently been getting a lot of bad traffic on our network from spoofed IPs. I was curious as to how they were doing it and wanted to see if I could replicate it.
How do you know they are spoofed?
-
October 12th, 2004, 02:48 PM
#7
They will say they are coming from a machine that is turned off. Or multiple attacks from different IPs at the same time utilizing the same attacks on different servers.
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
-
October 12th, 2004, 04:16 PM
#8
Is this on a wireless network?
-
October 12th, 2004, 04:17 PM
#9
They will say they are coming from a machine that is turned off. Or multiple attacks from different IPs at the same time utilizing the same attacks on different servers.
Who is they? And what specific types of activity are happening? What kind of attacks are these? (e.g., Smurf, ARP flooding, etc.)
-
October 12th, 2004, 05:15 PM
#10
It's random guessing of passwords for system accounts, i.e. test, guest, apache. Accounts that are locked out on Linux. Every morning on several of the Linux servers that have external IPs we are noticing about 8-50 attempts.
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.