Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: packet injection and ip spoofing

  1. #1
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347

    packet injection and ip spoofing

    Ok, so i have been reading up on how ipspoofing works, and they beat the OSI model into college heads these days/. What I am wondering is there a tutorial out there showing you how to spoof ips with open source software like nemesis?
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Would something like this be helpful? (notice down at the bottom of the discussion).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    Well I believe that helps quite well. Thank you very much. I understand the injection, but after a packet is injected, how do you make it appear to come from another ip when making an actual tcp connection or over a syn handshake. This looks like it will clear that up for me.

    Thanks again!
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  4. #4
    Senior Member
    Join Date
    Jul 2004
    Posts
    131
    Originally posted here by kr5kernel
    Well I believe that helps quite well. Thank you very much. I understand the injection, but after a packet is injected, how do you make it appear to come from another ip when making an actual tcp connection or over a syn handshake. This looks like it will clear that up for me.

    Thanks again!
    *once you aquire a firearm, be extra careful that you don't blow away those tiny little toes your mommy loved to kiss when you were a baby*
    More cowbell! We need more cowbell!
    http://www.geocities.com/secure_lockdown/
    - - -
    \"Is the firewall there to protect you from the outside world or is it there to protect the outside world from *YOU*?\"

  5. #5
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    Dually noted. Believe you me, there is not a dark bonein my body, we have recently been getting alot of bad traffic on our network from spoofed ips. I was curious as to how they were doing and wanted to see if I could replicate.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  6. #6
    Senior Member
    Join Date
    Jul 2004
    Posts
    131
    Originally posted here by kr5kernel
    Dually noted. Believe you me, there is not a dark bonein my body, we have recently been getting alot of bad traffic on our network from spoofed ips. I was curious as to how they were doing and wanted to see if I could replicate.
    how do you know they are spoofed?
    More cowbell! We need more cowbell!
    http://www.geocities.com/secure_lockdown/
    - - -
    \"Is the firewall there to protect you from the outside world or is it there to protect the outside world from *YOU*?\"

  7. #7
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    They will say they are coming form a machine that is turned off. or Multiple attacks from different ips at the same time utilizing the same attacks on different servers.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  8. #8
    is this on a wireless network?

  9. #9
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    They will say they are coming form a machine that is turned off. or Multiple attacks from different ips at the same time utilizing the same attacks on different servers.
    Who is they? and what specific types of activity is happening? What kind of attacks are these? (e.g., Smurf, Arp flooding, etc.)
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  10. #10
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    Its random guessing of passwords for system accounts, ie test, guest, apache. Accounts that are locked out on linux. Every morning on several of the linux servers that have external ips we are noticing about 8-50 attempts.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •