Ok, so I have been reading up on how IP spoofing works, and they beat the OSI model into college heads these days. What I am wondering is, is there a tutorial out there showing you how to spoof IPs with open source software like nemesis?
Would something like this be helpful? (notice down at the bottom of the discussion).
Well, I believe that helps quite well. Thank you very much. I understand the injection, but after a packet is injected, how do you make it appear to come from another IP when making an actual TCP connection or over a SYN handshake? This looks like it will clear that up for me.
Thanks again!
*once you acquire a firearm, be extra careful that you don't blow away those tiny little toes your mommy loved to kiss when you were a baby*
Quote:
Originally posted here by kr5kernel
Well, I believe that helps quite well. Thank you very much. I understand the injection, but after a packet is injected, how do you make it appear to come from another IP when making an actual TCP connection or over a SYN handshake? This looks like it will clear that up for me.
Thanks again!
Duly noted. Believe you me, there is not a dark bone in my body, we have recently been getting a lot of bad traffic on our network from spoofed IPs. I was curious as to how they were doing it and wanted to see if I could replicate.
How do you know they are spoofed?
Quote:
Originally posted here by kr5kernel
Duly noted. Believe you me, there is not a dark bone in my body, we have recently been getting a lot of bad traffic on our network from spoofed IPs. I was curious as to how they were doing it and wanted to see if I could replicate.
They will say they are coming from a machine that is turned off, or multiple attacks from different IPs at the same time utilizing the same attacks on different servers.
Is this on a wireless network?
Who is they? And what specific types of activity are happening? What kind of attacks are these? (e.g., Smurf, ARP flooding, etc.)
Quote:
They will say they are coming from a machine that is turned off, or multiple attacks from different IPs at the same time utilizing the same attacks on different servers.
It's random guessing of passwords for system accounts, i.e. test, guest, apache. Accounts that are locked out on Linux. Every morning on several of the Linux servers that have external IPs we are noticing about 8-50 attempts.
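As an added example (not written by any poster in this thread): one way to tally the password-guessing attempts described in the last post per source address and across servers. It assumes the guesses arrive over SSH and are logged in OpenSSH's "Failed password" syslog format; the host names, addresses and log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH "Failed password" syslog format (assumed
# log source); hosts web1/db1 and the documentation-range addresses are made up.
SAMPLE_LOG = """\
Mar  3 04:11:02 web1 sshd[2211]: Failed password for invalid user test from 203.0.113.7 port 40122 ssh2
Mar  3 04:11:05 web1 sshd[2213]: Failed password for invalid user guest from 203.0.113.7 port 40130 ssh2
Mar  3 04:11:09 db1 sshd[1907]: Failed password for apache from 203.0.113.7 port 51544 ssh2
Mar  3 04:11:10 db1 sshd[1909]: Failed password for invalid user test from 198.51.100.23 port 33810 ssh2
Mar  3 04:12:44 web1 sshd[2290]: Accepted password for alice from 192.0.2.10 port 50211 ssh2
Mar  3 04:13:01 web1 sshd[2301]: Failed password for alice from 192.0.2.10 port 50250 ssh2
"""

# Matches both "invalid user X" (no such account) and existing-account failures.
FAILED = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

# Accounts named in the thread as guessing targets.
WATCHED = {"test", "guest", "apache"}

def summarize(log_text, watched=WATCHED):
    """Per source IP: failed-attempt count, servers hit, watched accounts tried."""
    stats = defaultdict(lambda: {"attempts": 0, "hosts": set(), "accounts": set()})
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m["user"] not in watched:
            continue  # skip successes, other daemons, and non-watched accounts
        s = stats[m["src"]]
        s["attempts"] += 1
        s["hosts"].add(m["host"])
        s["accounts"].add(m["user"])
    return dict(stats)

def multi_server_sources(stats, min_hosts=2):
    """Sources repeating the same guessing against several servers."""
    return sorted(src for src, s in stats.items() if len(s["hosts"]) >= min_hosts)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for src, s in sorted(stats.items()):
        print(src, s["attempts"], sorted(s["hosts"]), sorted(s["accounts"]))
    print("multi-server:", multi_server_sources(stats))
```
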