Network Security Security-Basics
Spoofing an IP over the internet

Subject: Spoofing an IP over the internet
Date: Mon, 22 Nov 2004 00:49:43 -0500
Hi there,
  I'm fairly new to this list and I'm very interested in security.  I'm
currently programming a set of security functions to make a very strong
authentication with PHP and MySQL.

  These functions deal with all the problems Web Applications are prone to and
will make sure the process is done quickly and securely.

  Then, to use it, you would just need a MySQL database, a PHP file and just
add two lines of code.  With the first use, the administrator can create all the
security script needs to proceed, etc...  Then the admin can set the security
level, currently either IDENTIFY or AUTHENTICATE.

  I'm currently working on dealing with a possible DoS attack, where the user
would send TCP/IP packets to the webserver with different information.
Currently, I create a new Session ID if the pair [IPaddress/UserAgent] is not
found.  It would be easy for a hacker to just set UserAgent to an incrementing
number, until the disk is filled with sessions.  However, it would be very
simple to just verify that one IP cannot have more than one UserAgent associated
with it.  And report by email a digest of all the problems in the last 10 
minutes...

  Now comes my Critical question.  Can an IP address be
spoofed/forged/manipulated by someone on the internet?

  I've read about IP spoofing and it seems that the hacker would need to be in
my LAN to do such action.  So I was wondering if it was possible to change an IP
address at will over the internet before opening a TCP/IP connection?

  If it's not possible, then I believe my anti-DoS process is fairly strong.
But if it is possible, then I would like to know how a hacker can proceed (Does
he need to be an ISP or can an end user do it?  Are ISPs checking this?  What
about the law and IP spoofing?  Is there a way beyond this point where I can
trust something on the internet?)

  Say for example, that I somehow determine the webserver is currently serving
a user with a spoofed IP, what can I do to trust other visitors?  What can I do
to get more information on this hacker for further investigation?

If you could direct me to some literature on the internet about spoofing IPs on
the internet, that would be very much appreciated, then if I can understand how
a hacker would proceed I will change my Security mechanism to deal with such a
possibility.

Oh and btw, I will release the source code of the security engine so that people
can read and verify it.  Then I was thinking on possibly asking a commercial
auditing company to check a test site for possible security flaws and this way I
could put some sort of Guarantee on the script (the guarantee coming from the
experts).

Thanks in advance,
  Simon
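
The session bookkeeping described in the message above (a new session only for an unseen IP/User-Agent pair, one User-Agent per IP, a periodic digest of refusals), modelled as an added example that is not part of the original post or of Simon's code. The class name `SessionGate`, its methods and the in-memory arrays are assumptions standing in for the MySQL table, and the sample addresses are constructed.

```php
<?php
// Added example: in-memory model of the policy described in the post.
// Assumption: a real deployment keeps these arrays in the MySQL table instead.
final class SessionGate
{
    private array $agents = [];    // ip => first User-Agent seen for that ip
    private array $sessions = [];  // "ip|ua" => session id
    private array $refused = [];   // ip => refusals since the last digest

    // Returns a session id, or null when the request is refused.
    public function admit(string $ip, string $ua): ?string
    {
        $key = $ip . '|' . $ua;
        if (isset($this->sessions[$key])) {
            return $this->sessions[$key];   // known pair: reuse its session
        }
        if (isset($this->agents[$ip])) {
            // Same IP, different User-Agent: count it, store no new session.
            // Clients sharing one NAT or proxy address also end up here.
            $this->refused[$ip] = ($this->refused[$ip] ?? 0) + 1;
            return null;
        }
        $this->agents[$ip] = $ua;
        return $this->sessions[$key] = bin2hex(random_bytes(16));
    }

    // Returns refusals per IP and resets the counters; meant to be called
    // every 10 minutes (for example from cron) to build the e-mail digest.
    public function digest(): array
    {
        $report = $this->refused;
        $this->refused = [];
        return $report;
    }

    public function sessionCount(): int
    {
        return count($this->sessions);
    }
}

// Constructed sample traffic: one address cycling through numbered User-Agents.
$gate = new SessionGate();
$gate->admit('192.0.2.10', 'Mozilla/5.0');
for ($i = 0; $i < 500; $i++) {
    $gate->admit('192.0.2.10', (string) $i);
}
$gate->admit('198.51.100.7', 'Opera/7.54');
echo $gate->sessionCount(), " sessions stored\n";
print_r($gate->digest());
```

With this rule, stored state grows with the number of distinct source addresses rather than with the number of User-Agent values, and the digest counters are bounded the same way.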