Folks.... what exactly is IP spoofing? I hear that it can be done only through Unix. Why is that?
Folks.... what exactly is IP spoofing? I hear that it can be done only through Unix. Why is that?
IP spoofing is sending IP packets with a different "source" IP address than your own.
No, it cannot only be done through Unix.
IP spoofing is used by some crackers - mostly for denial of service attacks.
Obviously when your machine sends spoofed packets, it cannot get the responses to them because those go somewhere else.
Spoofing DoS (particularly DDoS) attacks are pretty difficult to stop because you can't block the packets by IP address: they can carry random spoofed IPs.
Some tools also use spoofed IPs, for example nmap's "Idle scan" uses spoofed IPs to bounce scans off another machine. This is clever.
Slarty
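The reason random spoofed sources can't be blocked one by one is that the filtering has to happen before the packet reaches its victim. The standard mitigation is BCP 38 ingress/egress filtering at a network border: drop any packet whose source address cannot legitimately arrive on the interface it came in on. The following is an added example (not code from any poster in this thread) of that check over constructed sample packets; the interface names, the 192.0.2.0/24 "internal" prefix and the bogon list are assumptions.

```python
# Added example: a minimal BCP 38-style anti-spoofing filter.
# A border device knows which prefixes live behind each interface; a packet
# whose source address could not legitimately arrive on that interface is
# spoofed (or misrouted) and is dropped. All addresses below are constructed.
import ipaddress

# Hypothetical topology: our own network sits behind lan0, the Internet behind wan0.
INTERNAL = [ipaddress.ip_network("192.0.2.0/24")]
# Sources that never arrive legitimately from the Internet (private/loopback ranges).
BOGONS = [ipaddress.ip_network(p) for p in
          ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def classify(ingress_if: str, src: str) -> str:
    """Return 'pass' or the reason a packet with this source would be dropped."""
    addr = ipaddress.ip_address(src)
    if ingress_if == "lan0":
        # Egress filtering: inside hosts may only send with their own addresses,
        # so a compromised host cannot push randomly spoofed packets to the Internet.
        return "pass" if _in_any(addr, INTERNAL) else "drop: egress spoof"
    if ingress_if == "wan0":
        # Ingress filtering: nobody on the outside may claim one of our addresses.
        if _in_any(addr, INTERNAL):
            return "drop: external packet claims internal source"
        if _in_any(addr, BOGONS):
            return "drop: bogon source"
        return "pass"
    return "drop: unknown interface"


# Constructed sample packets: (ingress interface, source address)
SAMPLE = [
    ("lan0", "192.0.2.10"),     # legitimate outbound
    ("lan0", "203.0.113.99"),   # inside host sending with a forged source
    ("wan0", "198.51.100.7"),   # legitimate inbound
    ("wan0", "192.0.2.5"),      # outsider pretending to be one of our hosts
    ("wan0", "10.1.2.3"),       # private source arriving from the Internet
]


def filter_packets(packets):
    """Apply classify() to every packet, returning (iface, src, verdict) triples."""
    return [(iface, src, classify(iface, src)) for iface, src in packets]


if __name__ == "__main__":
    for iface, src, verdict in filter_packets(SAMPLE):
        print(f"{iface:5} {src:15} {verdict}")
```

This does nothing against a flood whose forged sources are all valid for the network they really come from, which is why the filter has to be deployed at the edge nearest the sender rather than at the victim.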
Thanks! But I heard that OSs like Windows don't allow such low-level stuff. Is it true?
Not really.
Quote:
Originally posted here by Waveshifter
Thanks! But I heard that OSs like Windows don't allow such low-level stuff. Is it true?
There are a few features of nmap which don't work in the Windows version AFAIK - I don't know if the ones which require spoofing are involved.
However, I'm sure it is possible under Windows for apps to spoof packets, just not necessarily so easy as (for example) Linux.
It is true that a script kiddie with a copy of Visual Basic probably couldn't achieve this - but it's hardly surprising.
Slarty
IP spoofing is very much possible under windows. There are quite a few l33t h4x0r applications that do this or something like it.
Cheers,
cgkanchi
Correct me if I am wrong, but I think that IP spoofing is not only for DoS attacks. By IP spoofing you can do a lot of things. Kevin Mitnick had once attacked a network by using IP spoofing; see the attached file. The meaning of it is that you change an IP into a fake one.
Generally, IP/DNS spoofing is used to assume the identity of someone (a host) to attempt to avoid detection and have interaction with another host. You must have an in-depth knowledge of TCP/IP, sequence numbers, etc. But in order for the villain to accomplish his deed, he must first disable the other host (IP) and masquerade as that host. There's a whole bunch of folks in jail just waiting for new cellmates! ;) You might want to steer clear of this.
Wave, check out this link. It's a brief explanation of IP spoofing and the types of attacks that can be generated using IP spoofing. This will maybe help you better understand what exactly is going on when someone spoofs IPs.
IP Spoofing
IP spoofing has many applications:
1) DDoS
2) DoS
3) Man-In-The-Middle Attacks
4) Session Hijacking
5) Exploiting Trusted IPs (i.e. firewalls, Linux's rshell)
If you would like some info on any of those topics, I can point you to a vast amount of information.
TheTempest
Why not just post them?
Quote:
If you would like some info on any of those topics, I can point you to a vast amount of information.
Because it's a lot of information, and I don't want to waste my time searching my computer for links and stuff if people aren't interested in seeing it.
Also, there is the legitimacy... if they are going to use this for education vs. illegal...
While older versions of Windows did not natively allow IP spoofing, with the introduction of raw sockets it is now quite possible.
Quote:
Originally posted here by Waveshifter
Thanks! But I heard that OSs like Windows don't allow such low-level stuff. Is it true?
Quote:
I don't want to waste my time searching my computer for links and stuff
Well, I wouldn't want you to waste your time.... but I would point out that there is a lot of information on AO that can be used for illegal purposes... that's the point. If we don't share that information, then we don't learn. (have you checked out the apps section? I think it still works)
If people want to use it for illegal purposes, how are you going to stop it? There are hundreds of other sites where they can get the same information.
NullDevice has a nice tutorial on DoS: http://www.antionline.com/showthread...highlight=Ddos
And thanks to Dark Pheon1x, the following article: http://www.theregister.co.uk/content/56/31801.html
Here we have an entire thread for man-in-the-middle attacks: http://www.antionline.com/showthread...Middle+Attacks
And here is a site that covers a lot of what you listed above: http://www.liquidcodedesign.com/main.asp?action=fw7
And here is a nice thesis by Jonathan Katz explaining how to prevent man-in-the-middle attacks: http://www.cs.ucla.edu/~rafail/STUDENTS/katz-thesis.pdf You might not want to read it though, it tells how to do it... shhhhhh!! ;)
I could go on, but I won't. If you are just here to leech off others, that's fine with me (I don't know what else to call it if you don't want to share your knowledge). But the underlying concept of AO (if I may be so bold) is to share information with each other in order that we all learn together.
The attack that Kevin Mitnick used that you are referring to was the SYN/ACK attack, in which the attacker floods a trusted host with SYN (synchronise sequence numbers) packets, causing it to ignore the SYN/ACK response. So now the attacker can send his own SYN packet to the target. Then, when SYN/ACK packets are sent to the attacker and he replies correctly with the correct sequence numbers, the attacker now has a one-way connection to the host which appears to come from the trusted host.
The attacker can now pipe commands (any at all) to set up trojans/backdoors and so on.
When the attacker is finished he sends a RST (reset) packet to the target, the connection is reset and nobody knows any different.
P.S. It is hard to detect these attacks (but not impossible).
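The "not impossible" part rests on two things the attack leaves in the packet logs: the trusted host accumulates SYNs that are never completed with an ACK (the flood that silences it), and during that same window a new session appears to originate from the trusted host's address while it is unable to talk. The following is an added example (not code from any poster here) of detection logic for exactly that pattern, run over constructed packet records; the addresses, timing and the half-open threshold of 20 are assumptions.

```python
# Added example: flag the SYN-flood-plus-impersonation pattern described above.
# Records are (time_seconds, src, dst, flags); all of them are constructed.
from collections import defaultdict

PACKETS = [
    (0.0, "198.51.100.9", "192.0.2.20", "SYN"),      # ordinary client to the trusted host
    (0.1, "192.0.2.20", "198.51.100.9", "SYN/ACK"),
    (0.2, "198.51.100.9", "192.0.2.20", "ACK"),      # handshake completes
] + [
    # 40 SYNs from forged sources that never complete: the trusted host is swamped
    (1.0 + i * 0.02, f"203.0.113.{i + 1}", "192.0.2.20", "SYN") for i in range(40)
] + [
    (1.5, "192.0.2.20", "192.0.2.30", "SYN"),        # 'trusted host' opens a session to the target...
    (1.6, "192.0.2.30", "192.0.2.20", "SYN/ACK"),
    (1.7, "192.0.2.20", "192.0.2.30", "ACK"),        # ...with the right sequence numbers, mid-flood
    (2.0, "192.0.2.20", "192.0.2.30", "RST"),        # and tears it down afterwards
]


def half_open(packets):
    """Per destination: clients whose SYN was never followed by their own ACK, with the SYN time."""
    pending = defaultdict(dict)          # dst -> {client: time of the unanswered SYN}
    for t, src, dst, flags in packets:
        if flags == "SYN":
            pending[dst][src] = t
        elif flags == "ACK":
            pending[dst].pop(src, None)  # handshake finished, no longer half-open
    return pending


def detect(packets, flood_threshold=20):
    """Return {flooded_host: (first, last) SYN time} and the suspect sessions sourced
    from a flooded host while its flood was in progress."""
    pending = half_open(packets)
    flooded = {h: (min(c.values()), max(c.values()))
               for h, c in pending.items() if len(c) >= flood_threshold}
    suspects = [(t, src, dst) for t, src, dst, flags in packets
                if flags == "SYN" and src in flooded
                and flooded[src][0] <= t <= flooded[src][1]]
    return flooded, suspects


if __name__ == "__main__":
    flooded, suspects = detect(PACKETS)
    print("flooded hosts:", flooded)
    print("sessions claiming a flooded host as source:", suspects)
```

A real deployment would read these records from a capture or flow export and would also check which interface the "trusted host" SYN arrived on, since a packet from an internal address showing up on the outside link is the same ingress-filtering violation discussed earlier in the thread.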