Spoofing IP Addresses

thecoolkid

I'm curious about spoofing IP addresses. RewtGuy mentioned something about how raw sockets were enabled in Windows XP. How does that affect the spoofing of an IP? Just curious...

-thecoolkidontheblock
 
Proxies: simple and effective. Also try setting up your own SSH tunnel, and you can route your traffic through it (i.e. set one up at work so you can route your Internet traffic through the work computer); therefore you are only really using 1 IP address. Then again, just use a proxy if you want to, like, go on a forum you have been blocked from. I am not really sure of your intentions.
 
If you want to spoof an IP or rather "IPs" without using a proxy, use a randomizer program. There are many..use googlebot.com :)
 
I'm not referring to spoofing the browser IP address. I am referring to spoofing an IP address when connecting to another computer.

-thecoolkidontheblock
 
elmonomalo said:
http://grc.com/dos/winxp.htm
(a readup on why windows xp can be exploited.... hope it helps)
w00t...

grc just has something against XP...

raw sockets have been available in UNIX and Linux since they were first invented...

Network communication happens with network packets.
that's to say that when you read this, the entire post doesn't arrive all at once, it arrives in small chunks that are separated by the server, numbered and then pieced back together by your browser at the other end...

each packet contains a source address and a destination address, and of course the information.

IP spoofing is possible with raw socket access because the network socket *can* be modified, or rather the packet *can* be modified so that the destination address is different.

Denial of service attacks work in a couple of ways,
the first is packet flooding, where a lot of packets are sent at once, every packet has to be sent, then received, then confirmed and acknowledged (google for syn ack), (it's a five part tcp handshake procedure).
flooding the address means that the server doesn't have time to respond to all packets and thus becomes unavailable to people since the packet times out.
this is why some news servers go offline after major events. (like after 911, lots of traffic meant that some news servers were literally offline).

second method.
Forging the packet headers to give a false IP address meant that the five way handshake can never be properly done.
since there is never a reply...

person a sends packet to server A with forged header pointing to person B
SYN?
server a responds to person B
SYNACK?

person B ignores the packet since it didn't send a packet.

server A waits for a response...


there is only enough space for (top of head remembering) 5 packets in the TCP IP stack...
so five spoofed packets bring down the server since the TCPIP stack is full...
the server has to wait until the TTL (time to live) of the packet is expired before it can delete it from the stack...

thus, yes, raw packet access does mean that hosts can be brought down... but blaming Microsoft is a stupidly ignorant/uneducated thing to do, especially coming from the supposed security expert that Gibson is.


as for how to spoof a packet...
Google it. I'm sure you'll find something that fully confuses you more than that did! (if it did).
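A defender-side view of the unanswered SYN-ACK situation described in the post above, as an added example that is not part of the thread: it counts handshakes a server has answered with SYN-ACK but that never received the closing ACK of the standard SYN, SYN-ACK, ACK exchange. The tcpdump-style lines are constructed (documentation address ranges), and the function names and threshold are hypothetical.

```python
import re
from collections import Counter

# Matches the address pair and TCP flags of a tcpdump-style summary line.
LINE = re.compile(r"IP (\S+) > (\S+): Flags \[([^\]]+)\]")

def constructed_capture():
    """Constructed sample, not captured traffic: one completed handshake,
    then four SYNs whose SYN-ACK replies are never acknowledged."""
    server = "192.0.2.10.80"
    lines = [
        f"10:00:00.10 IP 198.51.100.7.40001 > {server}: Flags [S], seq 1",
        f"10:00:00.11 IP {server} > 198.51.100.7.40001: Flags [S.], seq 9, ack 2",
        f"10:00:00.12 IP 198.51.100.7.40001 > {server}: Flags [.], ack 10",
    ]
    for i in range(1, 5):
        src = f"203.0.113.{i}.5000{i}"
        lines.append(f"10:00:01.0{i} IP {src} > {server}: Flags [S], seq 1")
        lines.append(f"10:00:01.1{i} IP {server} > {src}: Flags [S.], seq 9, ack 2")
    return lines

def half_open_by_server(lines):
    """Count, per server endpoint, handshakes stuck after the SYN-ACK."""
    state = {}  # (client, server) -> "SYN" or "SYNACK"
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        src, dst, flags = m.groups()
        if flags == "S":                      # client opens
            state[(src, dst)] = "SYN"
        elif flags == "S." and state.get((dst, src)) == "SYN":
            state[(dst, src)] = "SYNACK"      # server answered
        elif flags == "." and state.get((src, dst)) == "SYNACK":
            del state[(src, dst)]             # final ACK: handshake complete
        elif "R" in flags:                    # reset from either side clears it
            state.pop((src, dst), None)
            state.pop((dst, src), None)
    return Counter(srv for (_, srv), s in state.items() if s == "SYNACK")

def flagged(lines, threshold=3):
    """Servers with at least `threshold` half-open handshakes (assumed cutoff)."""
    return sorted(s for s, n in half_open_by_server(lines).items() if n >= threshold)

if __name__ == "__main__":
    print(half_open_by_server(constructed_capture()), flagged(constructed_capture()))
```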
 
Eh, I don't know whether Gibson likes Microsoft or not, but what did they need raw sockets for? Giving the general public raw sockets is just begging to be abused.
 