
Thread: spoofing ip address question...

  1. #11
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Say I use a Fake IP address and that IP address does exist in the real world. Now is it possible that if some trojan be installed on the computer whose IP has been spoofed, would I come to know the response from the server.... and then delete the logs from the spoofed computer
    No, that was SirDice's point. You send out a false address and the response comes back to the false address, so you never get to see it.

    EDIT: There are two concepts here which I will crudely explain:

    1. "Spoofing" = appearing to be something that it is not.
    2. "Anonymous" = not being traceable to the true originating individual.

    #1 is about addresses whilst #2 is about people.

    So, if I go and connect to one of the free wireless hotspots in my town, I am to all intents and purposes anonymous and legally connected. If I leech someone's unsecured wireless connection I am still anonymous unless I am "caught in the act" (physically), but what I am doing may well be illegal, depending on local legislation.

    I am using a perfectly normal and valid address that is not spoofed, in both of those cases. The identity will trace back to the owner of the facility, and not the user.

    A trojan using a compromised computer is doing the same. It is using perfectly valid and legitimate resources but without permission.

    A "legal" form of the trojan scenario would be an anonymous proxy. In that situation, the identity would trace back to the proxy in the first instance.

    If I send a spoofed address, anything trying to respond will use that address. If the address does not exist the response will fail. If the address is genuine but is offline, that will fail... if it is online it should be blocked/dropped because it did not send a request to which the response relates.
    Last edited by nihil; August 26th, 2007 at 12:58 PM.
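
The three outcomes in nihil's last paragraph, as an added example that is not part of the original posts: a toy model in which a server answers the claimed source address and the receiving host applies a stateful check. All class names, function names and addresses (documentation ranges) are constructed for illustration.

```python
# Constructed model of the three outcomes nihil describes; all addresses are
# documentation-range samples and every name here is hypothetical.
from dataclasses import dataclass, field

@dataclass
class Host:
    ip: str
    online: bool = True
    # Flows this host itself opened: (remote_ip, remote_port, local_port)
    state: set = field(default_factory=set)

    def connect(self, remote_ip, remote_port, local_port):
        """Record an outbound request so the reply will be accepted."""
        self.state.add((remote_ip, remote_port, local_port))

    def receive(self, src_ip, src_port, dst_port):
        """Stateful check: accept only replies to flows we initiated."""
        if (src_ip, src_port, dst_port) in self.state:
            return "accepted"
        return "dropped: no matching outbound request"

class Network:
    def __init__(self, hosts):
        self.hosts = {h.ip: h for h in hosts}

    def server_reply(self, server_ip, server_port, claimed_src, claimed_port):
        """The server answers whatever source address the request carried."""
        target = self.hosts.get(claimed_src)
        if target is None:
            return (claimed_src, "failed: address does not exist")
        if not target.online:
            return (claimed_src, "failed: host offline")
        return (claimed_src, target.receive(server_ip, server_port, claimed_port))

def demo():
    server = "203.0.113.10"
    sender = Host("198.51.100.7")       # true origin of every request
    bystander = Host("192.0.2.50")      # real, online, sent nothing
    sleeper = Host("192.0.2.51", online=False)
    net = Network([sender, bystander, sleeper])
    sender.connect(server, 80, 40000)   # honest request, state recorded
    return {
        "honest": net.server_reply(server, 80, sender.ip, 40000),
        "nonexistent": net.server_reply(server, 80, "192.0.2.99", 40000),
        "offline": net.server_reply(server, 80, sleeper.ip, 40000),
        "online": net.server_reply(server, 80, bystander.ip, 40000),
    }

if __name__ == "__main__":
    for case, (delivered_to, outcome) in demo().items():
        print(f"{case:12} -> reply sent to {delivered_to}: {outcome}")
```

In every spoofed case the reply is addressed to the claimed source, never to the true sender, which is why the sender learns nothing from it.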

  2. #12
    Senior Member Opus00's Avatar
    Join Date
    May 2005
    Posts
    143
    If you want to get technical, the real concept of "spoofing" in the original sense has to do with tcp/ip sequence number predictability and being able to hijack/inject into an established tcp/ip session.
    There are two rules for success in life:
    Rule 1: Don't tell people everything you know.

  3. #13
    nmap has the ftp bounce relay option.

    Script kiddies make the logs look good, so we can keep our jobs.

  4. #14
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Quote Originally Posted by caveman8fb
    nmap has the ftp bounce relay option.
    Exactly. I was just going to point this one out.

    Don't forget about the idle scan too.
    http://en.wikipedia.org/wiki/Idle_scan

    Anyway, as others have pointed out, computer security is a double-edged sword. What good is trying to protect your systems if you don't know the methods that the attackers might be using? How do you set up your defenses?

    That's why we have something called ethics. Learn all you want about whatever you want... but use your knowledge wisely. If you want to be dumb and have your ISP canceling your account or dragging you or your parents into court... then go for it!

    You'll find that a lot of the very serious security professionals monitor/participate in the "underground" scene to keep up to date. They gain their trust, offer advice, etc. all to stay ahead of them.

    Why do we have books like the Hacking Exposed series, or Hack Attacks Revealed series? Not only script kiddies buy those books.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
