-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi again Dee,
Spoofing is usually for subversion of trust attacks and work with
session hijacking. Probably the most famous example of this would be
the Christmas attack by mitnick (I believe he spoofed his ip to be
that of the trusted system
You basically DON'T get the response - unless you are on the same small
network segment as the target address and the address you are spoofing, in
which case you can sniff the wire and see the packet, but not really
recieve it. Most uses of spoofing are when you mean the response to go to
On Tue, Nov 27, 2001 at 12:18:06PM -0800, Dee Harrod wrote:
How does spoofing work?
If I change the source address of my outbound packet,
how do I get the response? How does it get back to me?
If the spoofed source address is one you can't monitor, then it doesn't
get back to you. There
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
-Original Message-
From: Dee Harrod [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 27, 2001 12:18 PM
To: SecurityBasics
Subject: Spoofing question?
How does spoofing work?
If I change the source address of my outbound
I have been working on my SANS.org GIAC GSEC certification. They have one
of the best resources to explain IP spoofing and associated threats. Here
is a link to some of their public content.
http://www.sans.org/cgi-bin/htdig/htsearch?method=andconfig=htdigwords=ip+
spoofing
Hope that it helps.
Check out Ian Vitek's talk on IP spoofing and source routing for DefCon 8.
http://www.defcon.org/defcon-media-archives-defcon.html
But source routing is your simple answer... Assuming the target accepts
source routed packets (my systems don't ;).
Otherwise, you don't see what you get back,
hi
you dont get a response. The real response goes to the spoofed address.
This type of spoofing is referred to as flying blind attack or one-way
attack.
http://www.fc.net/phrack/files/p48/p48-14.html check out this article in
phrack, this is a good explanation as to how this type of attack
How does spoofing work?
If I change the source address of my outbound packet,
how do I get the response? How does it get back to me?
-- Dee
Simply put it doesn't get back to you.
Spoofing usually is used with ICMP instead of TCP. ICMP doesn't require any
acknowledgement to perform
On Tue, 27 Nov 2001, Dee Harrod wrote:
How does spoofing work?
First, you need to understand how the two IP transport layer protocols,
TCP and UDP, operate. I'll defer to Stevens' excellent book TCP/IP
Illustrated, Vol. 1. Everyone involved in TCP/IP networking and
programming should own