Hiding my IP address??

Quote:

---

Originally posted here by khakisrule
Actually I don't see the irrelevance of spoofing in this discussion, he said he wanted to hide hid IP, he never said what for. Second you don't actually know if they do or don't log network traffic, I am not saying they do, but perhaps they use some kind of monitor and log what it finds.

---

Actually, I've worked for an ISP, and know several people who work for various ISPs. Logging is most often seen as a waste of time, and the only time it's done is if someone is suspected of some kind of illegal activities.

As I said, few, if any, ISPs log because it's just too demanding on their resources.

As for the spoofing his IP address, he did say for what. He said he didn't want it to show up on websites etc., therefore you know he wants to look at them, and spoofing your IP address won't let that happen...

> 2) Spoofing the source IP address will not allow you to actually receive any information,
> therefore, it is not possible to use it to hide your IP address, and again therefore is
> irrelevant to this discussion."

i know i'm going against the grain here (i'm generally the one discrediting spoofing)...but there _are_ methods/conditions that do allow for two-way communication under a spoofed address. it's not an impossibility, just an improbability, depending on external configurations and the resources at hand.

How does one "spoof" ip in windoze Xp? Do you have to download a program or change some settings?

Quote:

---

Originally posted here by droby10
i know i'm going against the grain here (i'm generally the one discrediting spoofing)...but there _are_ methods/conditions that do allow for two-way communication under a spoofed address. it's not an impossibility, just an improbability, depending on external configurations and the resources at hand.

---

If you establish two-way communication using a spoofed address, then the address is no longer 'spoofed', it is your real address, or at least an acceptable borrowed address. In either case, the data can be tracked back to you.

Quote:

---

Originally posted here by shelobo
How does one "spoof" ip in windoze Xp? Do you have to download a program or change some settings?

---

Spoofing both doesn't work a lot of the time, unless your ISP is total crap, and also isn't a 'good' thing. The only real reason you'd want to spoof your source IP address is if you were trying to launch some kind of illegal attack on another computer. In any event, I don't know anyone here who would answer your question.

Quote:

---

If you establish two-way communication using a spoofed address, then the address is no longer 'spoofed', it is your real address, or at least an acceptable borrowed address. In either case, the data can be tracked back to you.

---

but moving farther up you admitted that...

Quote:

---

Actually, I've worked for an ISP, and know several people who work for various ISPs. Logging is most often seen as a waste of time, and the only time it's done is if someone is suspected of some kind of illegal activities.

---

so i guess my question is then what measures would you employ to track the original source? every log on a target service contains invalid references to another host (the spoofed address) and if a no-logging by default attitude is taken by the provider, where would you move from there to gather information that would provide a valid origin?

Notice the word 'CAN' in that sentence. It is possible that it can be tracked back to you, not that it is.

The whole idea of spoofing and receiving a reply is bollocks anyways, it isn't spoofing at that point.

Quote:

---

Notice the word 'CAN' in that sentence. It is possible that it can be tracked back to you, not that it is.

---

good point, an oversight on my part.

Quote:

---

The whole idea of spoofing and receiving a reply is bollocks anyways, it isn't spoofing at that point

---

care to clarify the difference? the only reason i'm hounding about this is because of the lack of clarification around the term. i know you're probably thinking "no it's just you that lacks clarification on the term" and that's fine...i'll be the first to admit when i'm wrong. but first you're going to have to provide evidence that contradicts the validity between blind-spoofing and two-way spoofing.

i guess there's not going to be any takers, so i'll pick it back up by explaining spoofing in the light of both possibility and probability. i've argued it from both angles and usually take a similar stance to the one presented by chsh - but with less definative terms. i'll pre-empt this with the notion that i'm not here to discredit anyone in any of their statements. but i do hope to open the minds of those who give the impression that ip spoofing is always one way; or isn't possible in the realm of tcp.

spoofing can fall into several categories; with relation to the thread topic we're talking about ip spoofing. this, in it's most basic form, means providing false information for the source address in ip headers. this can be very useful/dangerous with connectionless transports and control messages (ie. udp, icmp, igmp, etc.)...and even more dangerous when used successfully in tcp communications.

what some have stated is that spoofed transactions are one way; being from the host providing the false information (we'll say a 'client') to the host receiving the false information ('server'). if a response is required from the server, it's going to go to the address that was provided by the client - in the case of spoofing this wouldn't be you it would be the spoofed address. with this understanding, you could feasibly forge requests to dns services, but you wouldn't get the responses back.

the measures that go into connection-oriented transports (ie. tcp) make spoofing a much more difficult task, by itself. in order to establish and carry on tcp communications, the forging host must be able to predict the isn (initial sequence number) of the server's response [which under our current assumptions isn't possible because they're going somewhere else]. a few years back, isn prediction was relatively easy - some tcp/ip stacks even used a static increment for each requested connection. so by querying the service to retrieve an isn value, you could immediately follow up with a spoofed connection request with the predicted next isn. again this was still a one-way communication; so multi-transactional tcp connections that were spoofed were considered 'blind': they required quite a bit of premeditation, and even then had a pretty shotty success rate. when it finally became widely known that this was a vulnerability, network stacks were implemented with more sophisticated algorythms for generating isns. because of this change, most, including me, will tell you that tcp spoofing with isn prediction is no longer a feasible. but that's not to say that it can't be done - the odds are simply against it right now.

so we've summed up why there is a strong position that spoofing in general is one way. and we've calculated against tcp spoofing as we cannot read the isn's and isn prediction requires time, energy, and precision that don't exist in tcp communications.

===============================================================

but, there is always more than one approach to any problem. internets are still based on routing and router discovery protocols (rip, ripv2, bgp, ebgp, rdp, etc.) and network protocols (ip); combined they provide smart failovers for traffic flooding, control messages to indicate status, utilize connectionless one-way communications to transmit said messages, play by the rules (rfcs), and listen to what they are told by trusted and neighboring hosts. route redirection/manipulation can come in many shapes and sizes; and i'm not here to discuss each one at length. but they do exist, this is a known encompassing vulnerability; which does yield the ability to spoof any host in the effected routable area _and_ receive the replies - in addition to a whole myriad of other types of attacks.

as users there's really not much you can do on your end because the attack is not based on anything within your control.

but, if you own or manage a filtering router/firewall, it might be worth the time to do some homework on filtering by ip source routing options, as this will deter some of the more common and less distinguishable methods used to determine remote routes (ie. tracerouting through an external source). i would also read up on enforcing locale isolations for rip/bgp broadcasts, router solicitations and advertisements, in addition to the filtering of icmp source-quench and route/host-redirect messages.

=================================================================

that's it i'm done...questions and comments are welcome as always.

A better, yet expensive way is to install a firewall and assign an NAT address between the proxy or ISP and your machine.

Big Bucks expense as you need at least 3 machines to do this.

I never asked how I could "spoof" MY Ip!! I asked how it is done as In several chat's I see some saying that they have "spoofed"THIER Ip.I only asked because I wanted to know IF they was b/sing me or what.Simple question.Because many say they are "unhackable" due to the fact they use Xp.Only one way to find out IF they are b/sing is to ask people with "KNOWLEDGE"I won't ask such a dumb question again.T/Y/V/M tho