
| Subject: | RE: Spoofing an IP over the internet |
|---|---|
| Date: | Fri, 26 Nov 2004 14:21:57 -0000 |
From: Simon [mailto:simon@xhz.ca]

> Yes, but the problem that I fear is a hacker changing his IP address automatically for each TCP/IP packet sent without the need of disconnecting/reconnecting.

It would be extremely difficult (impossible?) to conduct a TCP handshake if you use a different IP address for each packet, and the same goes for transfer of data via TCP to/from standard services. (IMHO) UDP is obviously a different beast altogether (and despite what others have said about the impossibility of spoofing across the internet, it is not impossible, merely becoming more difficult), and I regularly see quite obviously spoofed UDP packets arriving at my network border. (The torrent of messenger spam being a good example of this.)

> Also if the IP could be spoofed, it would be difficult to find where the attack is coming from

That is, of course, the whole point of IP spoofing ;-)

> or we would need other means of understanding where the attack is coming from.
Here are some resources you may find interesting, if not too helpful ;-)

Following the Journey of a Spoofed Packet
http://www.scs.carleton.ca/~dlwhyte/whytepapers/ipspoof.htm

Tracking Spoofed IP Addresses Version 2.0
http://www.cymru.com/Documents/tracking-spoofed.html

Despoof is a free, open source tool that measures the TTL to determine if a packet has been spoofed or not.
http://www.bindview.com/Support/RAZOR/Utilities/Unix_Linux/despoof_readme.cfm

Hope these help a bit

Steve Trewick
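
An added illustration of the TTL idea mentioned in the message above; it is not part of the original post and is not despoof's own code. It assumes senders start from one of a few common initial TTLs, uses a hypothetical tolerance of 2 hops, and runs on constructed sample values with documentation-range addresses.

```python
# Added illustration of TTL-based spoof checking; not despoof's source code.
# Assumption: senders start from one of the common initial TTLs below.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)


def infer_hops(observed_ttl):
    """Estimate hops travelled: distance from the smallest common initial
    TTL that is greater than or equal to the observed value."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL must be in 1..255")
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl)
    return initial - observed_ttl


def looks_spoofed(suspect_ttl, probe_reply_ttl, tolerance=2):
    """Compare the hop count of a suspect packet with the hop count of a
    reply obtained by probing the claimed source address ourselves.
    Routes can be asymmetric or change, so a small tolerance is allowed
    (the default of 2 is an assumption). This is a heuristic signal for
    triage, not proof either way."""
    return abs(infer_hops(suspect_ttl) - infer_hops(probe_reply_ttl)) > tolerance


# Constructed sample data: (claimed source, TTL seen on the suspect packet,
# TTL seen on the reply to our own probe of that address).
SAMPLES = [
    ("192.0.2.10", 115, 116),   # 13 vs 12 hops: consistent
    ("198.51.100.7", 242, 51),  # 13 vs 13 hops: consistent, different initial TTLs
    ("203.0.113.99", 60, 109),  # 4 vs 19 hops: inconsistent
]


def triage(samples):
    """Return (claimed source, flagged) pairs for each observation."""
    return [(src, looks_spoofed(s, p)) for src, s, p in samples]


if __name__ == "__main__":
    for src, flagged in triage(SAMPLES):
        print(f"{src}: {'possible spoof' if flagged else 'consistent'}")
```
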