PDA

View Full Version : What Happened?? Spoofed?



Unregistered
03-19-2003, 03:53 PM
I posted to a "friend" on a MB using a free web proxy (German). I agree with many posts here re: proxies - really not necessary, however I used one because this MB displays remote addresses. After my post, someone posted (blank w/o message) using the same proxy IP. Stupidly, I posted back to "friend" to say that was not my blank post. Surprise - my real Ip showed up! At that same time a "test" notation appeared in the upper left of my screen. Also at the precise time an IP on my LAN (my IP is random for each internet access) appeared on my firewall log. Was this a spoof attempt to gain access to my computer? or was someone trying to uncover my real IP on the MB for amusement? After paying closer attention, I thought I detected a very slow connection at the proxy stage w/o showing an address for the MB. Thoughts always appreciated.

Newbietoo
03-19-2003, 10:18 PM
Hi again, Fever, always enjoy your posts!! What are your thoughts on the post above? Re: spoofing. If you have the time, could you give me the "short version" of spoofing. Wouldn't it be difficult for an attacker to duplicate a web site involving such an interactive message ***rd? How would the attacker keep up with the posts? Just curious as always. Regards, Newbietoo

fEš·.·šEr
03-20-2003, 12:15 PM
Hi Newbietoo
Thank you for the compliment,

THE ENTIRE TEXT THAT FOLLOWS WAS WRITTEN BY an expert called Mr. Puneet Mehta

--------------
IP Spoofing is the technique used by intruders to gain access to a Network by sending messages to a computer with an IP address indicating that the message is coming from a trusted host. To engage in IP spoofing, a hacker must first use a variety of techniques to find an IP address of a trusted host and then modify the packet headers so that it appears that the packets are coming from that host. As Routers use the "destination IP" address in order to forward packets through the Internet, but ignore the "source IP" address which is only used by the destination machine when it responds back to the source. These attacks exploit applications that use authentication based on IP addresses.But this attack does not involve source routing.There's a common misconception that "IP spoofing" can be used to hide your IP address while surfing the Internet, chatting on-line, sending e-mail, and so forth but this is generally not true. You cannot create a normal network connection by forging the source IP address as the response will be misdirected.However, IP spoofing is an integral part of many network attacks that do not need to see responses (blind spoofing).
With the current IP protocol technology, it is impossible to eliminate IP-spoofed packets. The best way to to eliminate IP spoofing attacks is to install a filtering router that restricts the input to your external interface by not allowing a packet through if it has a source address from your internal network. In addition, you should filter outgoing packets that have a source address different from your internal network to prevent a source IP spoofing attack from originating from your site.The combination of these two filters would prevent outside attackers from sending you packets pretending to be from your internal network. It would also prevent packets originating within your network from pretending to be from outside your network.
--------------

hope this is usefull for you Newbietoo

take care

-----------
fEš·.·šEr

Newbietoo
03-20-2003, 04:18 PM
Fever, thanks so much for the info. I have seen similar explanations. Get a little lost at the point of "blind" :-) Re: spoofing and knowing whether or not one is going to the intended address, we should use the pointer on the "Go" in the address line and the line below on left. Also read an interesting tip: "On Brower headings pull down on "view" to "source" and check out html". Do you know if the last point is accurate, Fever?

Also, disable all the bad stuff!!! Take care. Newbietoo

dss_chick
07-28-2003, 10:18 PM
I thought IP spoofing would hide your true IP address, yet the author of the article states that this is not the case. How can that be if a fake or spoffed IP is the one that's logged. How can it be traced back to it's originator?

mbravo
07-29-2003, 04:27 AM
Originally posted by dss_chick
I thought IP spoofing would hide your true IP address, yet the author of the article states that this is not the case. How can that be if a fake or spoffed IP is the one that's logged. How can it be traced back to it's originator?

The matter is not that it cannot be traced, but rather that it cannot be correctly replied to.

Imagine writing a paper letter to someone, and marking it with a wrong or fictitious return address (not yours). The addressee (presumably) will not be able to perceive the letter is from you, but if s/he writes a reply, you won't get it. Same goes for IP packets. So - you can spoof, but, in general, you can't operate (email, chat, post) under the spoofed address.

johnny
08-07-2003, 12:44 PM
Generally speaking, you can surf, post, do email with your true IP hidden if you do it while connected to an external SOCKS proxy, port *080, properly configured in your browser. The browser must support proxies of course. FOr example, I am here now coming from Finland via a properly configured SOCKS proxy in located CHINA. Everyplace I land, every communication sent (including this post:-) shows me coming from China with the Chinese IP, not Finland.

Regards to old friends here :-)

johnny
08-07-2003, 05:05 PM
The above info assumes you are using a single non-networked computer.