Folks... what exactly is IP spoofing? I hear that it can be done only through Unix. Why is that?
IP spoofing is sending IP packets with a different "source" IP address than your own.
No, it cannot only be done through Unix.
IP spoofing is used by some crackers - mostly for denial of service attacks.
Obviously when your machine sends spoofed packets, it cannot get the responses to them because those go somewhere else.
Spoofing DoS (particularly DDoS) attacks are pretty difficult to stop because you can't block the packets by IP because they can have random spoofed IPs.
Some tools also use spoofed IPs, for example nmap's "Idle scan" uses spoofed IPs to bounce scans off another machine. This is clever.
Slarty
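Added example, not part of the thread or of any poster's reply: blocking by individual source IP fails against random spoofed addresses, but a router at the network edge can still drop packets whose source could not legitimately arrive on that interface (a strict reverse-path check, as in uRPF). The routing table, interface names and sample packets below are constructed for illustration.

```python
import ipaddress

# Constructed routing table for a hypothetical edge router: (prefix, interface).
ROUTES = [
    ("0.0.0.0/0", "wan0"),           # default route to the upstream
    ("192.0.2.0/24", "cust1"),       # customer A (documentation range)
    ("198.51.100.0/25", "cust2"),    # customer B
    ("198.51.100.128/25", "cust1"),  # second block routed to customer A
]
TABLE = [(ipaddress.ip_network(p), ifc) for p, ifc in ROUTES]


def best_route(addr):
    """Longest-prefix match: interface the router would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, ifc) for net, ifc in TABLE if ip in net]
    return max(matches)[1] if matches else None


def urpf_accept(src, in_ifc):
    """Strict reverse-path check: accept only if the route back to src
    leaves through the interface the packet arrived on."""
    return best_route(src) == in_ifc


def filter_packets(packets):
    """Return the (src, in_ifc) pairs that fail the reverse-path check."""
    return [(s, i) for s, i in packets if not urpf_accept(s, i)]


# Constructed sample traffic: (source address, arrival interface).
SAMPLE = [
    ("192.0.2.10", "cust1"),      # legitimate customer A source
    ("203.0.113.7", "cust1"),     # customer A port, source it does not own
    ("198.51.100.200", "cust2"),  # address routed to cust1, seen on cust2
    ("203.0.113.7", "wan0"),      # Internet source arriving from upstream
    ("192.0.2.10", "wan0"),       # customer address arriving from upstream
]

if __name__ == "__main__":
    for src, ifc in filter_packets(SAMPLE):
        print(f"drop: {src} arrived on {ifc}, route back is {best_route(src)}")
```

The check only works close to where the traffic originates and where routing is symmetric; it does nothing for a victim receiving spoofed packets from networks that do not filter.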
Thanks! But I heard that OSs like Windows don't allow such low-level stuff. Is it true?
Quote:
Originally posted here by Waveshifter
Thanks! But I heard that OSs like Windows don't allow such low-level stuff. Is it true?
Not really.
There are a few features of nmap which don't work in the Windows version AFAIK - I don't know if the ones which require spoofing are involved.
However, I'm sure it is possible under Windows for apps to spoof packets, just not necessarily so easy as (for example) Linux.
It is true that a script kiddie with a copy of Visual Basic probably couldn't achieve this - but it's hardly surprising.
Slarty
IP spoofing is very much possible under Windows. There are quite a few l33t h4x0r applications that do this or something like it.
Cheers,
cgkanchi
Correct me if I am wrong, but I think that IP spoofing is not only for DoS attacks... by IP spoofing you can do a lot of things... Kevin Mitnick once attacked a network by using IP spoofing... see the attached file... the meaning of it is that you change an IP into a fake one...
Generally, IP/DNS spoofing is used to assume the identity of someone (host) to attempt to avoid detection and have interaction with another host. You must have an in-depth knowledge of TCP/IP, sequence numbers, etc. But in order for the villain to accomplish his deed, he must first disable the other host (IP) and masquerade as that host. There's a whole bunch of folks in jail just waiting for new cellmates! ;) You might want to steer clear of this.
Wave, check out this link, it's a brief explanation of IP spoofing and the types of attacks that can be generated using IP spoofing. This will maybe help you better understand what exactly is going on when someone spoofs IPs.
IP Spoofing
IP spoofing has many applications:
1) DDoS
2) DoS
3) Man-In-The-Middle Attacks
4) Session Hijacking
5) Exploiting Trusted IPs (i.e. firewalls... Linux's rshell)
If you would like some info on any of those topics, I can point you to a vast amount of information.
TheTempest
Quote:
If you would like some info on any of those topics, I can point you to a vast amount of information.
Why not just post them?