IP Spoofing

What's the best way to setup a home network? Why should I care about BGP?

IP Spoofing

Post by EndangeredX on Wed Oct 08, 2008 12:33 am
([msg=13375]see IP Spoofing[/msg])

Hi. I'm new to this website but it looks really dope. I was wondering if anyone knew of any good IP Spoofing programs/software. If you have a personal favorite please let me know because I've been looking for a good one for a long time now. thanx
Image
EndangeredX
New User
New User
 
Posts: 5
Joined: Wed Oct 08, 2008 12:26 am
Blog: View Blog (0)


Re: IP Spoofing

Post by thedotmaster on Wed Oct 08, 2008 10:45 am
([msg=13390]see Re: IP Spoofing[/msg])

IP spoofing is impossible. The point of an IP is so that a server knows where to send data back. Therefore, if you were able to spoof an IP you wouldn't be able to actually receive data back.
There are two alternatives:
- Proxying. This involves putting somebody else in between you and the target server. Google "proxy lists" or "Tor".
- X-REFERRER spoofing. This is a poor method that some people call IP spoofing but in reality is incredibly weak and rarely works. http://www.proxomitron.info/ has a good program for doing this. It's worth a download anyway as you can use another proxy through that too.
Image
User avatar
thedotmaster
Contributor
Contributor
 
Posts: 984
Joined: Sun May 04, 2008 4:39 pm
Location: North West UK
Blog: View Blog (1)


Re: IP Spoofing

Post by EndangeredX on Thu Oct 09, 2008 12:26 am
([msg=13430]see Re: IP Spoofing[/msg])

Thanks for the info. I didn't know that. another quick question I have besides spoofing your IP but same subject, do you know anything else I could use to hide my identity while browsing. From what i Know a website can see your Browser, O/S, Location, ect. Is there a way to completely block them from knowing anything about you. thanx
Image
EndangeredX
New User
New User
 
Posts: 5
Joined: Wed Oct 08, 2008 12:26 am
Blog: View Blog (0)


Re: IP Spoofing

Post by thedotmaster on Thu Oct 09, 2008 1:38 am
([msg=13433]see Re: IP Spoofing[/msg])

Well you can change your user-agent. There are plenty of add-ons for firefox that do that.
Changing your Mac address is a possibility too. Your Mac address is a unique number assigned to any piece of hardware that connects to the internet or lets others connect to it. You can change this pretty easily - just search "mac address changer" on google.
Image
User avatar
thedotmaster
Contributor
Contributor
 
Posts: 984
Joined: Sun May 04, 2008 4:39 pm
Location: North West UK
Blog: View Blog (1)


Re: IP Spoofing

Post by mgscrk on Thu Oct 09, 2008 9:13 am
([msg=13445]see Re: IP Spoofing[/msg])

Sorry, thedotmaster, you are wrong. I know what the op meant, and also that there is a common misconception with IP spoofing <> anonimous browsing. IP address spoofing - as the meaning of the term - of course, won't solve his problem... But still, you are wrong.

First of all, IP spoofing is not impossible. There is a way to change the source IP address by modifying the IP header of existing packets or by creating custom packets. It's another thing, that nowadays most (but not all, see http://spoofer.csail.mit.edu) of the ISPs deployed ingress and/or egress filtering - or just using NAT - thus making IP spoofing rather difficult to achieve (I do not say impossible because there are also ways to work this around, however, it could be very difficult)

Nevertheless, just try it within your own network - get two hosts, on one of them run a packet sniffer (tcpdump, wireshark etc) and on the other one generate a packet with a fake source IP, for example with hping. You will be able to capture the packet on the other end. Whoops, you've just spoofed your IP address...

So, "IP address spoofing" is sending packets with forged source IP addresses, and it's possible to perform. Capturing the reply is a different thing. (But let's not forget that the most commonly used area of IP spoofing is UDP-based DoS attacks, where you usually don't want to receive anything) If you are on the same network segment or somewhere between the source and the destination host, you can use a sniffer. If you aren't, well, even then there is a way, which is using the source routing option of the IP packets. Theoritically, it makes possible to receive the reply, however, it can also be filtered, ignored/dropped on the in-between routers and gateways, and the destination host also has to consider (reverse) the source route, which is disabled by default on today's systems.

This way, spoofing UDP packets is easier, as there is no connection established. You just send the packets to the destination and that's it. This method has been used for numerous DoS attacks, SNMP and DNS attacks.
Spoofing a TCP connection is much more difficult, as you have to be able to handle the three-way handshake first, and acknowledge every packet afterwards, by guessing or brute forcing the sequence and acknowledgement numbers (which is very unlikely today, but again, theoritically possible)

Just one more note about mac address change. Changing your network adapter's mac address won't make any difference (except if you want to show up on your own subnet with a different mac). The reason is, when the packets coming from your card arrive at your router or modem, your nic's mac will be replaced with the modem's/router's mac. And so on, the packets you sent travel through a bunch of gateways/routers and the source MAC address is always replaced with the previous device's mac address. The remote host you are communicating with will never know your mac.
You might be able to change the mac of your modem or router using some tool or firmware option, however, if you change it to something else - other than your isp knows about - your internet connection might stop working.

Regards
MGS
User avatar
mgscrk
New User
New User
 
Posts: 7
Joined: Tue Sep 02, 2008 5:47 pm
Blog: View Blog (0)


Re: IP Spoofing

Post by thedotmaster on Thu Oct 09, 2008 2:51 pm
([msg=13459]see Re: IP Spoofing[/msg])

No I am not wrong, I mentioned editing the header in a packet, see my second bullet point. Now please stop waving accusations.
And in regards to Mac changing, you change your Mac to stop the police seeing your Mac address in the logs of a public wireless router. And your Mac address has nothing to do with your ISP - you can purchase a new router with a new Mac in an electrical store and it'll work fine, at least most of the time.
Image
User avatar
thedotmaster
Contributor
Contributor
 
Posts: 984
Joined: Sun May 04, 2008 4:39 pm
Location: North West UK
Blog: View Blog (1)


Re: IP Spoofing

Post by mgscrk on Thu Oct 09, 2008 6:30 pm
([msg=13466]see Re: IP Spoofing[/msg])

Yes you mentioned "x-referer spoofing". However, the "Referer" option you mentioned is the part of the HTTP header, which is on Application Layer of the TCP/IP model. IP spoofing, what the op asked about and what I was talking about, is on the Internet Layer level. Totally different thing.

About mac changing...Actually, many ISPs allow access from only one mac address. This is the case with some DSL providers but especially common with cable providers and cable modems, where it's often the only way to identify the subscriber. Sometimes they even authenticate the network adapter (through the modem) - and this is why many routers have a "clone mac" option built-in. Thus, if you change either of them, you might render your connection inoperable.
But you are right, it's an option you should consider when using free/(or pirated) wireless APs - and dial-up connections.

Also, it should be mentioned that there is a way to read the card's mac address using, for example, java, and send it back to the server - which could be just another reason why to change your mac if you are paranoid. However, this way any sensitive information - license numbers etc - could be retrieved.
User avatar
mgscrk
New User
New User
 
Posts: 7
Joined: Tue Sep 02, 2008 5:47 pm
Blog: View Blog (0)


Re: IP Spoofing

Post by Muskelmann098 on Sat Feb 14, 2009 6:24 am
([msg=17877]see Re: IP Spoofing[/msg])

Just to bring back an old post, ip and mac spoofing must be a great way to stay anonymous on a free wifi zone, like those in cafés. I know cain has such a function, would it make me "untraceable" if I switch this kind of spoofing on?
Muskelmann098
Experienced User
Experienced User
 
Posts: 78
Joined: Mon Feb 02, 2009 9:39 am
Blog: View Blog (0)


Re: IP Spoofing

Post by sidebottom on Sat Feb 14, 2009 11:37 am
([msg=17882]see Re: IP Spoofing[/msg])

First I'd like to point out that mgscrk is absolutely right and his posts are probably the most correct and well thought out of any other on this site.

Second, in response to the latest post, be careful. If you think a program like Cain is going to give you perfect anonymity without understanding how networks work and how computer forensics work and how Cain works, you can get yourself into real trouble.

So bottom line....DON'T do anything illegal.
sidebottom
Poster
Poster
 
Posts: 104
Joined: Fri Nov 21, 2008 12:09 am
Blog: View Blog (0)


Re: IP Spoofing

Post by Andomis on Sat Feb 14, 2009 3:20 pm
([msg=17887]see Re: IP Spoofing[/msg])

Hey all,

Interesting posts, however- you both are correct in some sense but your overlapping with different subjects because you are not being precise enough in your target topic.

The posts from mgscrk apply more to a home or fixed apartment modem mac/ip configuration.
The posts from thedotmaster apply more to public areas such as cafes, malls, or those little internet bars.

------------------------------------------------------------
mgscrk's:
home/fixed location known in a database that you are there- normally your ISP knows (or should lol).

......................spoofing starts here*
Home -> routers -> modem (your mac) -> your ISP -> other ISPs -> other modems -> other routers -> end Host (general* layout)

In this case everything done up to "your ISP" will be known by your ISP provider unless as mgscrk stated you spoof your outgoing IP address and mac address of the packets. Doesn't mean it will work, because they can filter their own incoming data.

ISP providers have what is called IP/Mac address provisioning, this locks your modems mac address into their database and only allows connects between them, the phone line, and that modem box. If the mac address is changed itll drop your connection with them and ignore information sent to them (generally now adays). The IP provisioning is just the set IP address that they give your home, appartment, office, etc... and sometimes the set IP address range (I work with some that are given 6-8 IP's to a single modem).
------------------------------------------------------------

------------------------------------------------------------
thedotmasters':
Public location where you have never been, they know nothing about you, your computer, or your habits.

........spoofing starts here*
Your computer (your mac/ip), their router, their modem, their ISP (that knows nothing of you), other ISP's, other modems, other routers, end Host. (general* layout)

If you change your systemboard Mac address and your wireless card Mac address (yes there are two normally) to something new, and dont use a specific user name or organization name when you setup your computer than it will be rather difficult to re-connect your computer at a later time to the set of events that might have occured while it used the spoofed mac address. When your Mac changes- the wireless router will assign a new IP (so dont worry about "spoofing" a IP), and consider it a different computer than it is.

-Systemboard normally is only sent when hardlined.
-Wireless card is normally only sent when using wireless.
*however sometimes they both are sent- so it is a good idea to spoof both, then change them both back after you leave.*

*this would be a good time to use linux, because I dont think it gives out as much "personal information" because windows has a tendancy to attach personal information to files- win4.0 with word originally attached your username and password to word documents.. not a good idea.*
------------------------------------------------------------

These are two different topics, please create new forum posts for each depending upon which one you are interested in, or specify which one you (the OP) are interested in under this current forum posting so that answers maybe tailored to your question better.

However I do agree with sidebottom... Don't do anything illegal, and than you don't have to worry about it.

Alive,
Andomis
"I'm choking on that four letter word, it sticks in my throat as i read the words YOU wrote..."
User avatar
Andomis
Experienced User
Experienced User
 
Posts: 75
Joined: Thu Oct 23, 2008 8:50 pm
Blog: View Blog (0)


Next

Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests