I of course assume, you need to spoof packets for a legitimate reason, so I'll point you in the direction of a tool you can use for just that... Download and install TrafficGen from www.nantech.com .Limits you to 9999 packets to prevent malicious use
--- Steve Dispensa wrote: > A couple of amplifications: > > On Sun, 2003-03-16 at 20:51, Priscilla Oppenheimer wrote: > > Alan Stone wrote: > > > > > > Hi.. Group > > > > > > I always heard of those hacker spoof a IP and hack other people > > > system. Does spoof IP mean they are changing their source IP > > > so that they pass thru firewall? If yes, may I know what tool > > > can they use in order to change their source IP > .. > > To change your address, use the TCP/IP Control Panel or equivalent > in the > > operating system that you are using. > > More commonly (in my experience) people (skr1pt k1dd3z) use some > stupid > program on a UNIX computer that writes to the network on a raw > socket. > This way the administrator of the system doesn't have to know (as > long > as the user has root - required for raw sockets). > > > You probably won't get through any firewalls, though. Firewalls > make sure > an > > outsider isn't using an inside address. Routers ensure this too. It > can be > > easily accomplished with a simple access list. > > Those ACLs are far less common in enterprises than one would hope. > Routers should do ingress filtering, but if the attacker chooses just > a > random address, it won't be in the filter list. Most of the packet > floods I've been on the business end of have been completely random > addresses. In fact, some of them pick a random address per packet. > On > networks that do ingress filtering, the user may only have to pick an > address in the network's range, which will often still disguise his > true > identity. > > > Even before firewalls and routers watched for this, IP spoofing > didn't mean > > you could hack much unless you had additional hacking abilities. > You had to > > spoof the IP address of a trusted host and you had to be running > software > > that didn't care that you didn't see any replies. The replies go to > the > > legitimate holder of the IP address. > > Another scenario is the above-mentioned packet flood attack, which > still > happens every day to somebody. Outside of SYN floods, this is > usually > done with non-TCP datagrams, and the sender never reallly cares about > responses. > > A special case of this is the smurf attack - the attacker writes the > address of the victim host into the source address field and sends a > big > directed-broadcast ping to a big network. Each host on the network > sends a big response to the victim, chewing up most/all of its > bandwidth. > > As Priscilla pointed out, hijacking attacks are pretty difficult > these > days, given the ISN randomization and ingress filtering that many > firewalls and routers tend to do. It's usually easier to just > exploit a > security hole directly. > > -sd [EMAIL PROTECTED] ===== www.nantech.com/software Become a BGP Guru for just $75!!! __________________________________________________ Do you Yahoo!? Yahoo! Web Hosting - establish your business online http://webhosting.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65583&t=65559 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]