IP Spoofing: An Introduction

Remy_3D

Criminals have long employed the tactic of masking their true identity, from disguises to aliases to caller-id blocking. It should come as no surprise then, that criminals who conduct their nefarious activities on networks and computers should employ such techniques. IP spoofing is one of the most common forms of on-line camouflage. In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine by 搒poofing

Remy_3D

Conclusion

IP Spoofing is a problem without an easy solution, since it抯 inherent to the design of the TCP/IP suite. Understanding how and why spoofing attacks are used, combined with a few simple prevention methods, can help protect your network from these malicious cloaking and cracking techniques.

Fast-N-Furious

those days, spoof IP is a must while on mIRC. attacker punye re ramai especially when you're an op.

Remy_3D

IP Spoofing tak boleh pakai untuk mIRC.

bobok

apsal lak tak buleh spoof kat irc?

outgoing: packet tukar source address, guna satu IP jer
incoming: sniff semua packet dia yang keluar & grab semua packet yg destination nyer sama dgn IP yg kita spoof.

amenda la lu. tulis panjang lebar pun tak paham konsep lagi.

Sarah_Radzi

citer sket camne u nak sniff semua packet yang destination dia ke network lain

kalau u kat irc server bleh ler nak sniff ..
kalau u pakai ip spoof yang sama network ngan u and u control network tu .. mungkin bleh gak

kalau tak .. camne u buat ?

bobok

ni soalan nak ajar sniff ke nak paham konsep jer?

kalau nak paham konsep jer, buleh la cita tapi kalau nak ajar sampai boleh buat sendiri, mesti la aku cakap aku pun tak tau buat. apa da.... berapa org sgt la yg aku kenal yg tau buat benda ni

Originally posted by Sarah_Radzi at 2004-3-5 01:20 AM:
citer sket camne u nak sniff semua packet yang destination dia ke network lain

kalau u kat irc server bleh ler nak sniff ..
kalau u pakai ip spoof yang sama network ngan u and u control netwo ...

Fast-N-Furious

Originally posted by Remy_3D at 4-3-2004 02:42 PM:
IP Spoofing tak boleh pakai untuk mIRC.

saper kata tak bleh?? saper?? saper??

Remy_3D

makcik tiri tapir aku cakap tak bleh :lol

Remy_3D

Spoofing is the creation of TCP/IP packets using somebody else's IP address. Routers use the "destination IP" address in order to forward packets through the Internet, but ignore the "source IP" address. That address is only used by the destination machine when it responds back to the source.

A common misconception is that "IP spoofing" can be used to hide your IP address while surfing the Internet, chatting on-line, sending e-mail, and so forth. This is generally not true. Forging the source IP address causes the responses to be misdirected, meaning you cannot create a normal network connection.

However, IP spoofing is an integral part of many network attacks that do not need to see responses (blind spoofing).

boleh la..
tapi sekarang punya tech dah boleh detect ip sp0ofing session
back to luck

backdoor jugak steady..

karim_pin

Tak boleh spoof ip kat internet.. itu semua cerita dongeng. Ip spoofing hanya boleh utk tujuan DOS/DDOS sebab gune udp. Ia juga boleh dijalan kan kalau dalam satu network/LAN.

Ini kerana melibatkan hal2 routing.

amenda la lu. tulis panjang lebar pun tak paham konsep lagi

Hehe.. Bukan die tulis pun, die cut n paste je. Selalu kalo cut n paste, bagi la kredit kat original author. Sian author tu, lembu punya susu..sape2 ntah dapat nama.

No harm intended but this is the most basic journalism and net etiquette..

[ Last edited by kabler at 27-9-2005 11:27 AM ]

anti_aktivis

Sembang pasal IP spoofing   , Proxy ,  tunneling ,  Proxy Chaining. Topic Proxy ni begitu menarik dan banyak kegunaannya.

Utk hari ini , saya bagi anda satu cara ASAS (BASIC)  utk spoof IP anda.

Ok

Tapi hanya utk orang yang ada direct internet connection dan tak melalui proxy server.

1- mula mula = pi sini  http://www.whatismyip.com/

No yang terkeluar itu memang IP anda.

2- a-Click kat IE anda tool / internet option / connection / lan setting , tick utk" use a proxy server for your lan" = Jika dial up(connection) dilakukan di router
    b--Click kat IE anda tool / internet option / connection /dialup icon , tick utk "" use a proxy server for this connection" = jika dial up(connection)  dilakukan oleh pc
3 - Dan masukan IP ni 148.244.150.58 dan port number 80  (proxy server ni mungkin akan dead bila bila masa saja ) dan tekan OK

4- Pi semula sini http://www.whatismyip.com/ dan walla , IP original anda akan dispoof. IP yang kelihatan ialah IP proxy yang tadi anda masukan.

Itu aja utk hari ini , klu ada masa saya explain in detail apa yang berlaku dalam proses spoofing tu.

Buat masa ni klu ada masa sila googling "proxy" dan fahamkan maksud proxy.

P/s , dgn cara diatas , klu anda hantar email menggunakan web base mail (bukan SMTP) cth kat yahoo mail website. IP yang kelihatan di IP header anda ialah IP proxy tu , bukan IP anda. BTW sorry , tulisan saya base on personal experience , jadi klu ada term atau jargon yang silap , sori yek.

[ Last edited by anti_aktivis at 30-9-2005 01:13 AM ]

anti_aktivis

spoofing definition : Pretending to be someone else.

Dan utk spoofing jika nak menyukarkan lagi anda boleh chain proxy. Rantaikan secara selari sejumlah proxy.

[ Last edited by anti_aktivis at 30-9-2005 12:46 AM ]

anti_aktivis

Header email  perbandingan utk yang dihantar secara terus dan melalui proxy (Ip Spoofing)

Contoh email yang dihantar secara terus
Ip yang digunakan ditanda dgn warna merah.(saya edit dgn xx , security isu)

X-Apparently-To: [email protected] via 66.163.179.138; Thu, 29 Sep 2005 10:10:23 -0700
X-Originating-IP: [66.163.179.127]
Return-Path: <[email protected]>
Authentication-Results: mta157.mail.mud.yahoo.com from=yahoo.com; domainkeys=pass (ok)
Received: from 66.163.179.127 (HELO web35503.mail.mud.yahoo.com) (66.163.179.127) by mta157.mail.mud.yahoo.com with SMTP; Thu, 29 Sep 2005 10:10:23 -0700
Received: (qmail 32247 invoked by uid 60001); 29 Sep 2005 17:10:18 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=1qqgI3fNBC43oLyI0vIDFooWt5ZryKsKcI1QlD/ebh83MMsSX1rCFRQ270LYVJ1ebTAeBvqMjsl12xOUySZ55xPWPrtfgBJLvmYlw0Sffc+0JMPwzzZAxzF3ExwnYAUoZTgNSefZXqVSc1D+Avqe3rlK3tyuiZtb3t/0QuGUXMQ= ;
Message-ID: <[email protected]>
Received: from [60.xx.180.xxx] by web35503.mail.mud.yahoo.com via HTTP; Thu, 29 Sep 2005 10:10:18 PDT
Date: Thu, 29 Sep 2005 10:10:18 -0700 (PDT)

Contoh email yang dihantar menggunakan proxy (ip spoofing)
Ip yang digunakan ditanda dgn warna merah

X-Apparently-To: [email protected] via 66.163.179.138; Thu, 29 Sep 2005 10:23:58 -0700
X-Originating-IP: [66.163.179.134]
Return-Path: <[email protected]>
Authentication-Results: mta120.mail.scd.yahoo.com from=yahoo.com; domainkeys=pass (ok)
Received: from 66.163.179.134 (HELO web35510.mail.mud.yahoo.com) (66.163.179.134) by mta120.mail.scd.yahoo.com with SMTP; Thu, 29 Sep 2005 10:23:58 -0700
Received: (qmail 57612 invoked by uid 60001); 29 Sep 2005 17:23:52 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=a4BKkSE4kAd3rC4NZ2VCihzrV7HJyia3zARQd1sW5yqKXaHIbGJTIr9QTFGqasD8lxD5rsS1+gMkbZhIeYVcKDej0t4o9gAXOr4dbcOV9KZ3nKpLw4SNh0pwUdjBU7qm9qVVjJst1o9KmQPt27pvIpz+KX++S+v2DOJfY7HYb2I= ;
Message-ID: <[email protected]>
Received: from [148.244.150.58] by web35510.mail.mud.yahoo.com via HTTP; Thu, 29 Sep 2005 10:23:52 PDT
Date: Thu, 29 Sep 2005 10:23:52 -0700 (PDT)

Kedua dua dihantar dari pc yang sama menggunakan konsep spoofing yang paling basic sekali (paling cap ayam sekali)

[ Last edited by anti_aktivis at 30-9-2005 01:08 AM ]

Sarah_Radzi

maksud spoofing dlm thread asal lain dari apa yg u buat ..

Remy_3D

masquerading (tepat ke ejaan aku nie)

anti_aktivis

Ki ki , pak cik tersilap lagi le nampaknya.

Remy_3D

manusia mana yg tak pernah tersilap