Search Results

Search found 98 results on 4 pages for 'spoofing'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 1/4 | 1 2 3 4  | Next Page >

  • Practical way to implement prevention of IP Spoofing

    - by user1369975
    I am an undergraduate Computer Science student and was hoping to gain some knowledge of ways to help prevent IP spoofing but all the resources I have tried out elaborate this concept in a theoretical way. I want to try out my hands at one of the techniques like: http://en.wikipedia.org/wiki/Port_knocking http://en.wikipedia.org/wiki/SYN_cookies How do I simulate this whole situation in my own system were I myself am the attacker and I myself have to defend it? And once I have gained an understanding of it, then how do I start translating that into programming terms?

    Read the article

  • Preventing Email Spoofing

    - by DT
    I use Google Apps with my domain. Recently, we have begun to receive spam that gets past Google's spam filters. They are from our own email addresses. I am wondering how to prevent this kind of email spoofing. We use an SPF record with the "~all" setting. I'm wondering if I can upgrade that to "-all". However, Google Apps recommends against it. Also, I'm not 100% sure that our SPF record is complete. Any suggestions? Thank you ever so much.

    Read the article

  • Exchange 2010 email spoofing prevention

    - by holian
    Masters, Unfortunately we got some spam mail which seems to be coming from our own domain. I found some article which all says to remove Anonymous login from internet receive connector (http://exchangepedia.com/2008/09/how-to-prevent-annoying-spam-from-your-own-domain.html) I think i something misunderstood about those articles, because if i remove the Anonymous connection e-mails did not receive from external address (like gmail - Diagnostic-Code: SMTP; 530 5.7.1 Client was not authenticated) Some pictures about our configuration:

    Read the article

  • Any way I can correct DNS spoofing against our domain

    - by brandon
    This morning I found out that our domain and subdomains have been poisoned on the 4.2.2 and 4.2.2.1 DNS servers along with others I think, though I have not confirmed others yet. Using OpenDNS resolution works correctly. I have updated our local DNS servers and cleared their cache which has fixed things internally. The issue is that the domain is public facing and customers are having problems. We are the authoritative DNS server for the domain and all that is under our control. What I don't know how to do is fix the name servers out of our control. Is there something we can do on our end? At the moment the only workaround I can think of is to ask customers to change their DNS to OpenDNS which is not very practical. The other workaround would be to change our TLD, which is less practical.

    Read the article

  • Security against IP spoofing [on hold]

    - by user1369975
    I am pursuing a college project, in which I am running three fake services on three ports to protect the main service (say running at port 80). The concept is that if the user is malicious, he'll try to bring the services down and access the fake services. These ports adopt a blocking process of a connection request and record the IP and port of the client. These are logged and aren't granted access on service on port 80. But what to do if the client spoofs his IP? How can I modify my system?

    Read the article

  • IP address spoofing on c#

    - by SomeOne
    Is it true if I want to make ip spoofing program I need only a program that can change my machine ip address??? if true how can i use System.Net - IPAddress Class to set the ip address ....

    Read the article

  • IP address spoofing

    - by SomeOne
    Is it true if I want to make ip spoofing program I need only a program that can change my machine ip address??? if true how can i use System.Net - IPAddress Class to set the ip address ....

    Read the article

  • Spoofing UserAgent in Opera

    - by PoweRoy
    I'm trying to spoof Opera (under linux) to be an other browser, in this case iPad for some testing purposes. Now I know sites can check which browser is accessing the using for example in PHP $useragent = $_SERVER['HTTP_USER_AGENT']; and in javascript navigator.userAgent (or navigator.platform). In firefox you can use an addon to easily switch your useragent and other relevant information, but in Opera it seems it bit hard to do. First in opera.ini you can do: [User Agent] Spoof UserAgent ID=1 But this is limited to a predefined list of UserAgents. No room for custom ones. Also in opera.ini [ISP] Id=iPad This will add iPad to the User Agent of Opera. It's a start and works most of the time on the sites. In opera.ini you can set a 'User JavaScript file' to load a custom JavaScript file before loading a website: [User Prefs] User JavaScript File=/opera_dir/userjs/load.js In load.js you can do: navigator.userAgent = "Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.10" Because this file gets executed before loading the website I can modify the UserAgent, but this won't work when a site is checking the UserAgent via PHP, but it works for sites checking with Javascript) So here's my question: is there another way of spoofing a complete custom UserAgent?

    Read the article

  • IP address spoofing using Source Routing

    - by iamrohitbanga
    With IP options we can specify the route we want an IP packet to take while connecting to a server. If we know that a particular server provides some extra functionality based on the IP address can we not utilize this by spoofing an IP packet so that the source IP address is the privileged IP address and one of the hosts on the Source Routing is our own. So if the privileged IP address is x1 and server IP address is x2 and my own IP address is x3. I send a packet from x1 to x2 which is supposed to pass through x3. x1 does not actually send the packet. It is just that x2 thinks the packet came from x1 via x3. Now in response if x2 uses the same routing policy (as a matter of courtesy to x1) then all packets would be received by x3. Will the destination typically use the same IP address sequences as specified in the routing header so that packets coming from the server pass through my IP where I can get the required information? Can we not spoof a TCP connection in the above case? Is this attack used in practice?

    Read the article

  • dlink arp spoofing prevention

    - by Wiploo
    someone can help me understanding arp spoofing prevention on dlink dgs-3100 (ftp://ftp2.dlink.com/PRODUCTS/DGS-3100-48P/REVA/DGS-3100-48P_MANUAL_3.60_EN.PDF). I'd like to protect my gateway MAC/IP from spoofing so I'have tryed to add a rule "IP: 192.168.1.1 MAC: aa-aa-aa-aa-aa-aa" flagging all the port of the switch as untrusted. When I apply the rule I lose connection to all pc attached to the switch. I certanly made some errors, but I can't understand what is wrong. Best Regards

    Read the article

  • What's the best way to block IP spoofing on a layer 3 switch?

    - by toupeira
    We're hosting Dedicated Servers and are currently using old 3com switches with IP-based ACLs. So each port has an ACL that allows all IP addresses assigned to this customer, and blocks everything else. But now 3com was bought by HP, and the follow-up model only supports basic ACL that aren't flexible enough to both allow certain IPs while blocking others. Looking at other switches in a similar price-range, we've found that most of them have similar problems or don't offer any ACL features at all. I assume this could also somehow be done with VLANs, but if I understand this correctly we'd still need some kind of ACL to actually specify the valid IP addresses for each port. What do you use to make sure your customers don't use unassigned IP addresses? Or what switches can you recommend that have flexible ACL functionality?

    Read the article

  • How to avoid intrusion detection/anti spoofing issue on a sonicwall TZ series FW

    - by Ian
    We have a sonicwall tz series FW with two internet service providers connected. One of the providers has a wireless service which works a bit like an ethernet switch in that we have an ip with a /24 subnet and the gateway is .1. All other clients on the same subnet (say 195.222.99.0) have the same .1 gateway - this is important, read on. Some of our clients are also on the same subnet. Our config: X0 : Lan X1 : 89.90.91.92 X2 : 195.222.99.252/24 (GW 195.222.99.1) X1 and X2 are not connected, other than both being connected to the public Internet. Client config: X1 : 195.222.99.123/24 (GW 195.222.99.1) What fails, what works: Traffic 195.222.99.123 (client) <- 89.90.91.92 (X1) : Spoof alert Traffic 195.222.99.123 (client) <- 195.222.99.252 (X1) : OK - no spoof alert I have several clients with IPs in the 195.222.99.0 range and all provoke identical alerts. This is the alert I see on the FW: Alert Intrusion Prevention IP spoof dropped 195.222.99.252, 21475, X1 89.90.91.92, 80, X1 MAC address: 00:12:ef:41:75:88 Anti-spoofing is switched off on my FW (network-mac-ip-anti-spoofing - config for each interface) for all ports I can provoke the alerts by telneting to a port on X1 from the clients. You can't argue with the logic - this is suspicious traffic. X1 is receiving traffic with a source IP which corresponds to X2s subnet. Anyone know how can I tell the FW that packets with a src subnet of 195.222.99.0 can legitimately appear on X1? I know whats going wrong, I've seen the same thing before, but with higher end FWs you can avoid this with a few extra rules. I can't see how to do this here. And before you ask why we're using this service provider - they give us 3ms (yep 3ms, thats not an error) delay between routers.

    Read the article

  • allow spoofing when using tun

    - by Johnny
    I have a working openvpn setup with a server and a number of clients. How would i go around allowing IP spoofing through the openvpn server? (to demonstrate security concepts)? A normal ping from client to server goes through all right: root@client: hping3 10.8.0.1 HPING 10.8.0.1 (tun0 10.8.0.1): NO FLAGS are set, 40 headers + 0 data bytes len=40 ip=10.8.0.1 ttl=64 DF id=0 sport=0 flags=RA seq=0 win=0 rtt=124.7 ms root@server:/etc/openvpn# tcpdump -n -i tun0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes 10:17:51.734167 IP 10.8.0.6.2146 > 10.8.0.1.0: Flags [], win 512, length 0 But when spoofing a packet, it does not arrive at the openvpn server: root@client: hping3 -a 10.0.8.120 10.8.0.1 HPING 10.8.0.1 (tun0 10.8.0.1): NO FLAGS are set, 40 headers + 0 data bytes root@server:/etc/openvpn# tcpdump -n -i tun0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes My current config files server.conf local X.Y.Z.P port 80 proto tcp dev tun ca ca.crt cert server.crt key server.key # This file should be kept secret dh dh1024.pem server 10.8.0.0 255.255.255.0 push "redirect-gateway def1 bypass-dhcp" keepalive 10 120 comp-lzo persist-key persist-tun persist-local-ip status openvpn-status.log verb 3 client.conf client dev tun proto tcp remote MYHOST..amazonaws.com 80 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert client.crt key client.key ns-cert-type server comp-lzo verb 3

    Read the article

  • IP address spoofing using Source Routing

    - by iamrohitbanga
    With IP options we can specify the route we want an IP packet to take while connecting to a server. If we know that a particular server provides some extra functionality based on the IP address can we not utilize this by spoofing an IP packet so that the source IP address is the privileged IP address and one of the hosts on the Source Routing is our own. So if the privileged IP address is x1 and server IP address is x2 and my own IP address is x3. I send a packet from x1 to x2 which is supposed to pass through x3. x1 does not actually send the packet. It is just that x2 thinks the packet came from x1 via x3. Now in response if x2 uses the same routing policy (as a matter of courtesy to x1) then all packets would be received by x3. Will the destination typically use the same IP address sequences as specified in the routing header so that packets coming from the server pass through my IP where I can get the required information? Can we not spoof a TCP connection in the above case? Is this attack used in practice?

    Read the article

  • ISA 2006 refuses VPN DHCP requests as spoofing

    - by Daniel
    I'm running ISA 2006 with PPTP VPN for my AD-controlled network. DHCP is located on the ISA server itself and authentication is done by RADIUS (NPS) located on the DC. Right now my VPN clients can connect, access local DNS, and can ping ISA, the DC, and other clients. Here's where it gets weird. I noticed that despite all this, ipconfig shows the following: PPP adapter North Horizon VPN: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : North Horizon VPN Physical Address. . . . . . . . . : DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 10.42.4.7(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.255 Default Gateway . . . . . . . . . : 0.0.0.0 DNS Servers . . . . . . . . . . . : 10.42.1.10 NetBIOS over Tcpip. . . . . . . . : Enabled So I went over and checked my ISA logs for both DHCP requests and replies, only to find out that my VPN clients are being denied because ISA thinks its a spoof. Here's some relevant information from the log (the VPN subnet is 10.42.4.0/24): Client IP: 10.42.4.6 Destination: 255.255.255.255:67 Client Username: (blank) Protocol: DHCP (request) Action: Denied Connection Rule: (blank) Source Network: VPN Clients Destination Network: Local Host Result Code: 0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED Network Interface: 10.42.4.11 --------------------------------------------------------- Original Client IP: 10.42.4.6 Destination: 10.42.1.1 Client Username: (valid user) Protocol: PING Action: Initiated Connection Rule: Allow PING to ISA Source Network: VPN Clients Destination Network: Local Host Result Code: 0x0 ERROR_SUCCESS Network Interface: (blank) I wasn't sure what this 10.42.4.11 network interface was - it certainly wasn't something I had setup - untill I saw it in Routing and Remote Access under IP Routing General as an interface called "Internal" bound to the same IP address. I also noticed that since ISA takes blocks of 10 IP addresses from DHCP for VPN, it had reserved 10.42.4.2-11. I'm not sure if it means anything, though. Thanks for your help.

    Read the article

  • Spoofing MAC address to match other device

    - by boj
    At my school, there is a WiFi network where you can register up to one computer or phone. I, however, wish to connect my phone and my computer (Windows 7). I talked to an IT guy at my school and he told me that it registers the computer based on the MAC address (For the record, he's the one who suggested I spoof). So, I got my phone's MAC and now I want to change my computer's address to the same thing. I found this link and this video, so I know how to change it. I was wondering if that would run into problems because they are normally on the same network at home.

    Read the article

  • Spoofing domains - using one domain to look at another without frame redirect

    - by hfidgen
    Hiya, In Plesk 9.2.2 does anyone know how the following can be achieved? I've got domain1.co.uk registered in plesk, but the domain has not been set up with any nameservers or A records, so it is unreachable from the web. However, I need to test it while we get the domain1.co.uk nameservers etc sorted over the next week or so. SO, i've got sparedomain.co.uk registered, with the nameservers and A records pointing to the server, and sure enough it displays the default plesk "theres no website here yet page" . bingo. Now, how can I set up sparedomain.co.uk on my plesk server, so it displays all the data held on the plesk account for domain1.co.uk? Frame forwarding doesnt work - because you get errors saying "domain1.co.uk cannot be found" in your browser - i need a server solution to spoof it all. Anyone got any ideas? Thanks!

    Read the article

  • Spoofing domains - using one domain to look at another without frame redirect

    - by hfidgen
    In Plesk 9.2.2 does anyone know how the following can be achieved? I've got domain1.co.uk registered in plesk, but the domain has not been set up with any nameservers or A records, so it is unreachable from the web. However, I need to test it while we get the domain1.co.uk nameservers etc sorted over the next week or so. SO, i've got sparedomain.co.uk registered, with the nameservers and A records pointing to the server, and sure enough it displays the default plesk "theres no website here yet page" . bingo. Now, how can I set up sparedomain.co.uk on my plesk server, so it displays all the data held on the plesk account for domain1.co.uk? Frame forwarding doesnt work - because you get errors saying "domain1.co.uk cannot be found" in your browser - i need a server solution to spoof it all. Anyone got any ideas? Thanks!

    Read the article

  • Spam mail through SMTP and user spoofing

    - by Josten Moore
    I have noticed that it's possible to telnet into a mailserver that I own and send spoofed messages to other clients. This only works for the domain that the mail server is regarding; I cannot do it for other domains. For example; lets say that I own example.com. If I telnet example.com 25 I can successfully send a message to another user without authentication: HELO local MAIL FROM: [email protected] RCPT TO: [email protected] DATA SUBJECT: Whatever this is spam Spam spam spam . I consider this a big problem; how do I secure this?

    Read the article

  • Preventing Spoofing with Paypal

    - by wcpro
    I have a scenario where i need to have a user checkout through PayPal and then once we receive the payment then we create a membership record in our membership site. The PayPal requires a "return" field when you submit the form button that will take the user back to our page once the order has been successfully processed. On that page is where we actually track the sale and fire a chunk of javascript to track the sale. So my question is this, how can i make sure that the return page comes from PayPal and is not spoofed by a user in the system. I know there is a way to use the notify_url to have PayPal post back to our system, but in this case i have to run a chunk of javascript. Is there an easy way to do this, or would i have to write some looping/timeout function that checks to see if the notify post has come through? Im using .net to do the posting to paypal

    Read the article

  • How to prevent a hacked-server from spoofing a master server?

    - by Cody Smith
    I wish to setup a room-based multilayer game model where players may host matches and serve as host (IE the server with authoritative power). I wish to host a master server which tracks player's items, rank, cash, exp, etc. In such a model, how can I prevent someone that is hosting a game (with a modified server) from spoofing the master server with invalid match results, thus gaining exp, money or rankings. Thanks. -Cody

    Read the article

  • C# HTTP Headers crafting

    - by rukqoa
    Since Http Headers can be crafted and customize, how would I change or modify the IP part of it using C# 's HttpWebRequest class. In other words, how can IP Spoofing be done using C#. Thanks for reading.

    Read the article

  • Reason to use more cookies than just a session hash for authentication?

    - by dierre
    I usually hang out in a community using vBulletin as its bulletin board. I was looking at what this software saves as cookie in my browser. As you can see it saves 6 cookies. Amongst them, what I consider to be important for authentification are: ngivbsessionhash: hash of the current session ngivbpassword: hash of the password ngivbuserid: user's id Those are my assumptions of course. I don't know for sure if ngilastactivity and ngilastvisit are used for the same reason. My question is: why use all these cookie for authentication? My guess would be that maybe generating a session hash would be to easy so using the hashedpassword and userid adds security but what about cookie spoofing? I'm basically leaving on the client all fundamental informations. What do you think?

    Read the article

  • ISA Server dropping packets as it believes they are spoofed

    - by RB
    We have ISA Server 2004 running on Windows Server 2003 SP2. It has 2 NICs - one internal called LAN on 192.168.16.2, with a subnet of 255.255.255.0, and one external called WAN on 93.x.x.2. The default gateway is 93.x.x.1 (our modem). This machine also accepts VPN connections. We are having a problem with a scanner, which is trying to save a scan into a network share. Every time we try to scan, ISA Server logs the following Denied Connection Log type: Firewall service Status: A packet was dropped because ISA Server determined that the source IP address is spoofed. Rule: Source: Internal ( 192.168.16.54:1024) Destination: Internal ( 192.168.16.255:137) Protocol: NetBios Name Service Pinging 192.168.16.54 from the ISA Server works fine. In ISA Server, going into Configuration → Networks, there are 5 Networks : - External (inbuilt) - Internal (defined as 192.168.16.0 → 192.168.16.255) - Local Host (inbuilt) - Quarantined VPN Clients (inbuilt) - VPN Clients (inbuilt) Finally, under Network Connections → Advanced → Advanced Settings..., the connections are in the following order : - LAN - WAN - [Remote Access Connections] If we try to scan onto a workstation it works fine. Please let me know if you need any more info - many thanks. RB.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

1 2 3 4  | Next Page >