sponse to go to
another host (the spoofed address), like smurf attacks and the like.
DoPo
>From: Dee Harrod <[EMAIL PROTECTED]>
>To: SecurityBasics <[EMAIL PROTECTED]>
>Subject: Spoofing question?
>Date: Tue, 27 Nov 2001 12:18:06 -0800 (PST)
>
>How does spoofing
idle scans
with nmap and hping2. Below is the link.
HTH and not confused,
Leon
http://www.sans.org/infosecFAQ/audit/hping2.htm
- -Original Message-
From: Dee Harrod [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 27, 2001 3:18 PM
To: SecurityBasics
Subject: Spoofing question?
How
On Tuesday 27 November 2001 02:18 pm, Dee Harrod wrote:
> How does spoofing work?
>
> If I change the source address of my outbound packet,
> how do I get the response? How does it get back to me?
>
> -- Dee
>
spoofed packets dont get sent back to you, they go to wherever the spoofed
address shou
On Tue, 27 Nov 2001, Dee Harrod wrote:
> How does spoofing work?
First, you need to understand how the two IP transport layer protocols,
TCP and UDP, operate. I'll defer to Stevens' excellent book TCP/IP
Illustrated, Vol. 1. Everyone involved in TCP/IP networking and
programming should own thi
> How does spoofing work?
>
> If I change the source address of my outbound packet,
> how do I get the response? How does it get back to me?
>
> -- Dee
Simply put it doesn't get back to you.
Spoofing usually is used with ICMP instead of TCP. ICMP doesn't require any
acknowledgement to per
of attack works.
- Original Message -
From: "Dee Harrod" <[EMAIL PROTECTED]>
To: "SecurityBasics" <[EMAIL PROTECTED]>
Sent: Tuesday, November 27, 2001 12:18 PM
Subject: Spoofing question?
> How does spoofing work?
>
> If I change the source address
> From: Dee Harrod [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, November 27, 2001 12:18 PM
> To: SecurityBasics
> Subject: Spoofing question?
>
>
> How does spoofing work?
>
> If I change the source address of my outbound packet,
&g
PROTECTED]>
Sent: Tuesday, November 27, 2001 9:18 PM
Subject: Spoofing question?
> How does spoofing work?
>
> If I change the source address of my outbound packet,
> how do I get the response? How does it get back to me?
>
> -- Dee
>
>
that it helps.
Thanks,
Nate Duzenberry
Information Security Services
Wells Fargo Services Company
+mailto:[EMAIL PROTECTED]
-Original Message-
From: Dee Harrod [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 27, 2001 2:18 PM
To: SecurityBasics
Subject: Spoofing question?
How does spoof
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> -Original Message-
> From: Dee Harrod [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, November 27, 2001 12:18 PM
> To: SecurityBasics
> Subject: Spoofing question?
>
>
> How does spoofing work?
>
> If I c
On Tue, Nov 27, 2001 at 12:18:06PM -0800, Dee Harrod wrote:
> How does spoofing work?
>
> If I change the source address of my outbound packet,
> how do I get the response? How does it get back to me?
>
If the spoofed source address is one you can't monitor, then it doesn't
get back to you. The
How does spoofing work?
If I change the source address of my outbound packet,
how do I get the response? How does it get back to me?
-- Dee
__
Do You Yahoo!?
Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.
http://geocities.ya
;
Gaziel
- -Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: ?? 17 ?? 2001 18:15?
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: nmap-spoofing-question
> when you include spoofed addresses you should include a real ip
> address that you want a r
When using this command, the IP snort spits out is always the one given with
"-S", but in the /var/log/messages i can see a lookup for the real IP of the
machine which is doing the scan. So I don't really believe, that it's binding
another one. I tried to have a closer look in the headers with sno
Perhaps it binds another IP to the card if you use those 2 options. In linux
(dunno about windows) it's very easy to have 1 ethernetcard listen to more
than 1 ip address. If you use that option try to see if the box responds to
the IP you gave by pinging it.
(BTW it says YOUR IP so you're NOT
s.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 15, 2001 3:24 PM
To: [EMAIL PROTECTED]
Subject: nmap-spoofing-question
Hi all.
I hope anybody can help me with this little question. How is it possible
to get
the scanning-results with nmap, wh
September 16, 2001 12:23 AM
Subject: nmap-spoofing-question
> Hi all.
>
> I hope anybody can help me with this little question. How is it possible
to get
> the scanning-results with nmap, when I spoof the address? I thought, that
if a
> computer gets a syn-packet or whatever, it
> when you include spoofed addresses you should include a real ip address that
> you want a reply to come back to. man nmap for more information about using
> the decoy option.
Hmm. That's clear, but why does the "-S"-option work? When I use this option
together with the "-e" I get back the resu
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Saturday, September 15, 2001 10:24 AM
To: [EMAIL PROTECTED]
Subject: nmap-spoofing-question
Hi all.
I hope anybody can help me with this little question. How is it possible to
get
the scanning-results with nmap, when I spoof the address? I thought
i think youre referring to nmap's decoy option (-D).
true, you will only receive the packets destined for your ip. but your ip _and_ the
decoy ip/ip's you provided show up in a log file, instead of _just_ your ip. this
makes it more difficult for someone examining a log file to tell where the s
Hi.
All my apologies to the people who have spent their time answering my question.
I've asked my question not precisely enough... (uuhm... oops)
What I really meant were the options "-S" and "-e". Why do I get answers from
machines I've scanned when using these options? Is my real IP-address inc
Hi all.
I hope anybody can help me with this little question. How is it possible to get
the scanning-results with nmap, when I spoof the address? I thought, that if a
computer gets a syn-packet or whatever, it sends its syn-ack or whatever back to
the ip which sent the syn or any other kind of pa
22 matches
Mail list logo