Alan Stone wrote: > > Hi.. Group > > I always heard of those hacker spoof a IP and hack other people > system. Does spoof IP mean they are changing their source IP > so that they pass thru firewall? If yes, may I know what tool > can they use in order to change their source IP
Spoofing an IP address means that you change your IP address to be that of some other host. Packets from you will have that address in the Source IP Address field of the IP header. For example, you could change your address to be in the range of inside trusted addresses, even though you are on the outside. To change your address, use the TCP/IP Control Panel or equivalent in the operating system that you are using. You probably won't get through any firewalls, though. Firewalls make sure an outsider isn't using an inside address. Routers ensure this too. It can be easily accomplished with a simple access list. Even before firewalls and routers watched for this, IP spoofing didn't mean you could hack much unless you had additional hacking abilities. You had to spoof the IP address of a trusted host and you had to be running software that didn't care that you didn't see any replies. The replies go to the legitimate holder of the IP address. So, let's say that you start a 3-way handshake claiming that your address is 10.0.0.1. You send a SYN. The SYN ACK goes to the real holder of the 10.0.0.1 address. You send an ACK anyway after waiting the proper amount of time. For this to work, you have to guess what sequence number the target host is using in its SYN ACK packet. These days most operating systems and/or firewalls randomize the initial sequence number so you can't guess it. Even if you got that far and established a 3-way handshake, you would have to keep guessing at sequence numbers and you would have to know how to get root access or equivalent, or have some other hacking abilities to do any damage. Priscilla > > Thanks a lot > > > > --------------------------------- > Do you Yahoo!? > Yahoo! Web Hosting - establish your business online > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65563&t=65559 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]