IP Spoofing for DSL 1.5mbps up/down connected by LAN 1


ImmortalProtocol

Technical User
Dec 11, 2005
1
US
Hello,

I was wondering if there is any other way than a proxy that I can change my IP and make it high anonymity, not used for spam of emails or sorts of stuff like that but for gaming. Much help would be appreciated on this subject of changing my IP. And I am a newb at using/spoofing/changing IPs. Thanks.

Immortal Protocol.
 
A critical fact to bear in mind about IP spoofing is that it doesn't work in situations where you're expecting a response back from a remote server. It works well if you don't care about getting a response or if you're simply having a one-way conversation with a server, i.e. IP spoofing is a 'blind' attack. Attack being the operative word as people that use IP spoofing are not simply trying to hide their IP address but are attempting to exploit a remote server by successfully predicting TCP sequence numbers which, if successful, allows them to place a backdoor in the compromised system.

IP spoofing is a blind attack because when you send a spoofed IP address to the remote server, it will respond to the spoofed IP address (not your real one) thus you will never see the response. The spoofed host (if it exists) that has the same real address as your fake IP address will simply drop the connection as it won't have initiated it in the first place.

As you've described, it sounds like you simply want to hide your address whilst connected to a games server and I'd recommend a proxy/anonymity service for this. Unfortunately, connecting to a games server and interacting with it is a two-way process and thus IP spoofing won't work in this situation.

It's also worth noting that IP spoofing can be easily prevented by network administrators.
 
Could you go into a little more detail regarding preventing IP spoofing, KiscoKid?

'When all else fails.......read the manual'
 
Yep no problem.

When a hacker uses IP spoofing, he is typically attempting an exploitation exercise where the remote system regards specific IP address(es) as being trusted. For example, Unix servers can trust other servers if their source address is a trusted IP address when you use utilities like rlogin, rcp etc.

Anyway, ways to counter IP spoofing include:

1. Don't base trust relationships on servers by IP address alone. Combine with proper user authentication techniques.

2. Update your perimeter firewalls/routers such that you have an access list that scans traffic originating on the outside and drops it if it matches an internal subnet. e.g.

access-list 110 deny ip 202.44.54.0 0.0.0.255 any

This particular ACL, when applied inbound on an Internet/edge router, will prevent people spoofing a trusted IP range (in this example 212.44.54.0/24) that has been allocated to you.

Similarly you may be using private 10.x.x.x address space, you could also include in that ACL something like:

access-list 110 deny ip 10.0.0.0 0.255.255.255 any
access-list 110 permit ip any any

Cisco have extended this by utilising something called Reverse Path Forwarding (RPF) that basically checks the interface a source IP connects on. If that source IP shouldn't be seen on that interface (i.e. it matches say a 10.x.x.x range you've deployed internally), the router/firewall determines this to be a spoofing attack and drops it right away.

Cisco talk in great depth (as part of their SAFE program) about securing their devices. Their recommendations, to be fair, apply to any router. I've found a link from Cisco that explains all the kinds of things you should consider doing at the edge of your network:


Hope this helps!
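The two edge checks described in the post above, modelled as an added example that is not part of the original thread: Cisco wildcard-mask matching for an inbound anti-spoofing ACL, and a strict reverse-path check. The rule list, the route table and the interface names "inside" and "outside" are constructed assumptions; the ACL uses a /24 wildcard (0.0.0.255) for the allocated range and a /8 wildcard (0.255.255.255) for 10.x.x.x.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'ignore this bit'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must match exactly
    return (a & care) == (b & care)

# Constructed rule list for an inbound ACL on the Internet-facing interface:
# (action, base address, wildcard mask)
ACL_110 = [
    ("deny",   "202.44.54.0", "0.0.0.255"),        # our own allocated /24
    ("deny",   "10.0.0.0",    "0.255.255.255"),    # internal private /8
    ("permit", "0.0.0.0",     "255.255.255.255"),  # equivalent of "any"
]

def evaluate(acl, src):
    """First matching rule wins; IOS ACLs end with an implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"

# Constructed route table: prefix -> interface used to reach that prefix.
ROUTES = {
    "202.44.54.0/24": "inside",
    "10.0.0.0/8":     "inside",
    "0.0.0.0/0":      "outside",
}

def urpf_strict(src, arrival_if, routes=ROUTES):
    """Strict reverse-path check: accept a packet only if the best
    (longest-prefix) route back to its source leaves via the interface
    the packet arrived on."""
    ip = ipaddress.ip_address(src)
    nets = [ipaddress.ip_network(p) for p in routes]
    best = max((n for n in nets if ip in n), key=lambda n: n.prefixlen)
    return routes[str(best)] == arrival_if

if __name__ == "__main__":
    # Constructed source addresses, all arriving on the outside interface.
    for src in ("202.44.54.17", "10.200.3.4", "198.51.100.7"):
        print(src, evaluate(ACL_110, src), urpf_strict(src, "outside"))
```

Matching 202.44.54.0 with a wildcard of 0.255.255.255 would instead ignore the last three octets and block every source in 202.0.0.0/8, which is why the wildcard has to correspond to the prefix length being protected.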
 
Very much so - thanks!

So basically in simple terms this ACL:

access-list 110 deny ip 202.44.54.0 0.0.0.255 any

basically says, "if you are outside this network and have this IP address you aren't getting in"

Is that correct?

Great help that though; have you done the security courses specifically? I am interested in this sort of thing and would like to do a more security focused course after my CCNA.

Also - If private addresses aren't routed, how is a hacker then still able to spoof an IP on a network using a private range?

'When all else fails.......read the manual'
 
Hi again Cyberspace

I would say your description of that ACL is pretty accurate of what it is trying to do.

You're right private addresses aren't.. or shouldn't be routed..

However what's happening here when a hacker spoofs a private address is he's faking his source address not the destination address. His destination address is the public address of the server and is therefore routable. His source address is a fake private address but, as you say, he won't see the response because his source address is (a) not his and (b) a private, non-routable address.

But an IP spoofer doesn't need to see the response. He has already predicted what the response from the server will be and sends an appropriate response to the server until that server is compromised.

IP Spoofing is a complicated process and takes a lot of ability, understanding and time on behalf of the hacker. Fortunately it's damn easy to detect, prevent and protect against.

Fortunately IP Spoofing would never be used by the kind of hackers typically called 'Script Kiddies' as these guys don't have the ability to perform this kind of attack. Fortunately the Internet is full of these kinds of hackers and they greatly outnumber the hackers with real ability.
 