Topic awaiting preservation: ip spoofing/faking/hijacking? (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=22445" title="Pages that link to Topic awaiting preservation: ip spoofing/faking/hijacking? (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: ip spoofing/faking/hijacking? <span class="small">(Page 1 of 1)</span>\$

Fig Paranoid (IV) Mad Scientist From: Houston, TX, USA Insane since: Apr 2000	posted 07-05-2004 23:39 I know some of you are rather talented on the programming and development side of things so I have a question: how easy or hard is it to "fake" an ip address, so that a server's logs would show you coming from an ip that isn't actually your ip? I've run across a legal matter where this information is rather valuable, anything you can provide would be greatly appreciated. Thanks. Chris KAIROSinteractive \| tangent oriented
InI Maniac (V) Mad Scientist From: Somewhere over the rainbow Insane since: Mar 2001	posted 07-05-2004 23:45 The poster has demanded we remove all his contributions, less he takes legal action. We have done so. Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future. Don't follow his example - seek real life help first.
WarMage Maniac (V) Mad Scientist From: Rochester, New York, USA Insane since: May 2000	posted 07-06-2004 00:12 IP spoofing is not easy when you are talking about TCP/IP which is how a www page initiates a connection. Spoofing the IP address of a sent packet is an easy thing to do, the hard part is to get the response from the server. The source portion of the TCP/IP header is what tells the server where to send the response. Without wading into a whole lot of technical details, it is a whole lot easier to hijack an insecure machine, route your traffic through that machine and then delete the machine's logs, than it would be to spoof an IP address. It is easy to flood or maybe even probe a machine with malformed packets, but it would show up as such in the logs if the log is even set to record connections that don't complete the handshake. My opinion of this (note this is just an opinion) you won't find an IP address that is actually trying to hack or crack your system spoofed. If an IP address is showing up in your logs, and is causing problems, the attacks are coming from that computer. Who is controlling that computer is a much better question to ask rather than if the IP address is being spoofed. Dan @ Code Town
xcFeRiNiZeDcc Nervous Wreck (II) Inmate From: U.S. Insane since: Jan 2004	posted 07-06-2004 10:33 Yeah, i think it is very popular among people causing trouble in the internet to hijack one or more computers to do their dirty work. I'm not sure how easy it would be to do this, but I believe they will hijack a machine, then go to that machine to another, and so on, depending on how well they want to cover their tracks. It depends on how well they want to hide their IP, there are some good proxies out there, but my understanding is that if someone wants to find out your IP bad enough, a proxy isn't going to stop anything. To answer your original question, it would be relatively hard to do much more that use a router or proxy, that other stuff is pretty advanced. "Some people create with words or with music or with a brush and paints. I like to make something beautiful when I run. I like to make people stop and say, 'I've never seen anyone run like that before.' It's more than just a race, it's a style. It's doing something better than anyone else. It's being creative." -Steve Prefontaine

Topic awaiting preservation: ip spoofing/faking/hijacking? (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=22445" title="Pages that link to Topic awaiting preservation: ip spoofing/faking/hijacking? (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: ip spoofing/faking/hijacking? <span class="small">(Page 1 of 1)</span>\$

Fig
Paranoid (IV) Mad Scientist

From: Houston, TX, USA
Insane since: Apr 2000

posted 07-05-2004 23:39

I know some of you are rather talented on the programming and development side of things so I have a question: how easy or hard is it to "fake" an ip address, so that a server's logs would show you coming from an ip that isn't actually your ip? I've run across a legal matter where this information is rather valuable, anything you can provide would be greatly appreciated. Thanks.

Chris

KAIROSinteractive | tangent oriented

InI
Maniac (V) Mad Scientist

From: Somewhere over the rainbow
Insane since: Mar 2001

posted 07-05-2004 23:45

The poster has demanded we remove all his contributions, less he takes legal action.
We have done so.
Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future.
Don't follow his example - seek real life help first.

WarMage
Maniac (V) Mad Scientist

From: Rochester, New York, USA
Insane since: May 2000

posted 07-06-2004 00:12

IP spoofing is *not* easy when you are talking about TCP/IP which is how a www page initiates a connection. Spoofing the IP address of a sent packet is an easy thing to do, the hard part is to get the response from the server. The source portion of the TCP/IP header is what tells the server where to send the response.

Without wading into a whole lot of technical details, it is a whole lot easier to hijack an insecure machine, route your traffic through that machine and then delete the machine's logs, than it would be to spoof an IP address.

It is easy to flood or maybe even probe a machine with malformed packets, but it would show up as such in the logs if the log is even set to record connections that don't complete the handshake.

My opinion of this (note this is just an opinion) you won't find an IP address that is actually trying to hack or crack your system spoofed. If an IP address is showing up in your logs, and is causing problems, the attacks are coming from that computer. Who is controlling that computer is a much better question to ask rather than if the IP address is being spoofed.

Dan @ Code Town

xcFeRiNiZeDcc
Nervous Wreck (II) Inmate

From: U.S.
Insane since: Jan 2004

posted 07-06-2004 10:33

Yeah, i think it is very popular among people causing trouble in the internet to hijack one or more computers to do their dirty work. I'm not sure how easy it would be to do this, but I believe they will hijack a machine, then go to that machine to another, and so on, depending on how well they want to cover their tracks. It depends on how well they want to hide their IP, there are some good proxies out there, but my understanding is that if someone wants to find out your IP bad enough, a proxy isn't going to stop anything. To answer your original question, it would be relatively hard to do much more that use a router or proxy, that other stuff is pretty advanced.

"Some people create with words or with music or with a brush and paints. I like to make something beautiful when I run. I like to make people stop and say, 'I've never seen anyone run like that before.' It's more than just a race, it's a style. It's doing something better than anyone else. It's being creative." -Steve Prefontaine