  1. #1
    2 Star Lounger
    Join Date
    Feb 2003
    Location
    Carrollton, Georgia, USA
    Posts
    123
    Thanks
    3
    Thanked 1 Time in 1 Post

    IP Masking / Using Different IP Address

    Hello,

    I'm doing some research on masking IP addresses, or more specifically, using a fake IP address, or using someone else's IP address. Is this possible? Can you direct me to instructions or software that would allow a person to do this?

    Thanks!
    KST

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: IP Masking / Using Different IP Address

    Here's some general information: IP address spoofing - Wikipedia, the free encyclopedia. I don't think it would be appropriate for anyone in the Lounge to advertise software for doing this. As you can see from the Wikipedia article it is used for nefarious purposes. I

    Joe

  3. #3
    2 Star Lounger
    Join Date
    Feb 2003
    Location
    Carrollton, Georgia, USA
    Posts
    123
    Thanks
    3
    Thanked 1 Time in 1 Post

    Re: IP Masking / Using Different IP Address

    Thank you Joe. So, in your opinion, it would be possible for me to appear as if I were using your computer? Obviously, I would need to know your IP address, and possibly some other info, but would this be possible?

    KST

  4. #4
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: IP Masking / Using Different IP Address

    From the Wikipedia article Joe linked to......

    "By forging the header so it contains a different address, an attacker can make it appear that the packet was sent by a different machine."

  5. #5
    Super Moderator jscher2000
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: IP Masking / Using Different IP Address

    As long as you don't actually want a response back, you can make it appear that any computer sent a packet. But that probably isn't very useful for your purpose, whatever it is.

  6. #6
    2 Star Lounger
    Join Date
    Feb 2003
    Location
    Carrollton, Georgia, USA
    Posts
    123
    Thanks
    3
    Thanked 1 Time in 1 Post

    Re: IP Masking / Using Different IP Address

    I apologize, let me give you a little more info.... I'm not actually trying to do this, I just want to know if it's possible. I'm researching this for a client.

    A password was changed. Records were subpoenaed, and the records indicate the password was changed using a computer at a specific IP address. That IP address belongs to a person who should not have been changing the passwords. The question is posed.... could someone else have changed the password from another IP address using masking / spoofing software?

    I think it's possible, but not probable.

    I wanted to know what you guys think.

    Thanks!
    KST

  7. #7
    Super Moderator jscher2000
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: IP Masking / Using Different IP Address

    I assume this is a switched network environment. Switches very efficiently "learn" the port location of an IP address, but they also need the capability to unlearn it, for example, when a device is moved to a new port. It might be possible to assign someone else's IP address to your device and then interact with the network in some manner to hasten this process and thereby take over the other device's IP address temporarily -- for example, while the other device is offline. But I'm not familiar with attacking a switched network, so it's just a hypothesis. And I'm not sure whether there would be any record of this unless the switch was set up for auditing.

    In the DHCP context, it's also possible that the IP address was leased to a different device at the time of the relevant event, although in real life devices tend to keep renewing the same address. Unless you have a MAC address, that could be difficult to prove/disprove.
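
The DHCP point above can be checked against the server's lease history when one exists. The following is an added example, not part of the original posts: it looks up which MAC address held an IP at the time of an event and reports when clock uncertainty makes the answer ambiguous. The lease records, the function name `attribute` and the `clock_skew_s` parameter are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed lease history (not from the thread): ip, mac, start, end, all UTC.
# Addresses use the documentation ranges 192.0.2.0/24 and 00:00:5e:00:53:xx.
LEASES = [
    ("192.0.2.25", "00:00:5e:00:53:0a", "2024-03-01T08:00:00", "2024-03-01T16:00:00"),
    ("192.0.2.25", "00:00:5e:00:53:0a", "2024-03-01T16:00:00", "2024-03-02T00:00:00"),
    # Same IP handed to a different device ten minutes after the old lease expired.
    ("192.0.2.25", "00:00:5e:00:53:7f", "2024-03-02T00:10:00", "2024-03-02T08:10:00"),
    ("192.0.2.40", "00:00:5e:00:53:11", "2024-03-01T08:00:00", "2024-03-03T08:00:00"),
]


def _ts(text):
    """Parse an ISO timestamp and treat it as UTC."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


def attribute(leases, ip, when, clock_skew_s=0):
    """Return (verdict, macs) for the device(s) that held `ip` at time `when`.

    clock_skew_s widens every lease window on both sides to allow for
    unsynchronised clocks between the DHCP server and the system that
    logged the event.
    """
    t = _ts(when)
    skew = timedelta(seconds=clock_skew_s)
    macs = set()
    for lease_ip, mac, start, end in leases:
        # Lease start is inclusive, lease end is exclusive.
        if lease_ip == ip and _ts(start) - skew <= t < _ts(end) + skew:
            macs.add(mac.lower())
    if not macs:
        return "no-lease", []        # unleased, static, or self-assigned address
    if len(macs) == 1:
        return "single-holder", sorted(macs)
    return "ambiguous", sorted(macs)  # more than one device fits the window


if __name__ == "__main__":
    event = "2024-03-02T00:05:00"
    print(attribute(LEASES, "192.0.2.25", event))
    print(attribute(LEASES, "192.0.2.25", event, clock_skew_s=600))
```

A "no-lease" or "ambiguous" verdict means the IP address in the subpoenaed record cannot be tied to one device from lease data alone.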

  8. #8
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: IP Masking / Using Different IP Address

    I think the answer to your question depends upon how earnest the needs of the person who "may" have changed the password were to access or change the information made available by the spoof.

    It is possible for someone to access another computer and obtain their IP address and then use that IP to send out email from their own computer that appears to come from the compromised computer by spoofing the IP address. That's how many SPAM mailers keep one step ahead, using spoofed IPs to send out their junk.

    Changing a password on one computer from another can be done with Trojan Horse software loaded on the target computer by the one changing the password or via email or download.

    So, to answer your questions directly, it is entirely "possible" for someone to change a password on one computer from a remote computer and hide the identity of the computer used to make the change by spoofing the IP address of the person you currently suspect made the change to direct suspicion towards them. The ability to do this depends on the security of the network or individual computer and the computer expertise of the person doing the hacking. And this type of activity is just that, hacking and cracking.

  9. #9
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts

    Re: IP Masking / Using Different IP Address

    It is surprisingly easy to use ARP Cache Poisoning to intercept and replace traffic between two computers. This can be done in a few seconds using freely available tools and afterwards every packet you send to the host you have chosen will appear to have come from the other PC.

    You can even use simple routing to route incoming packets from the server to the original PC so that they won't know you are doing this.

    Scary stuff!

    StuartR
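
From the defender's side, the ARP cache poisoning described above leaves a trace where ARP traffic is recorded: an IP address that is suddenly advertised by a second MAC address. The following is an added example, not part of the original posts, that flags such binding changes in constructed ARP observations; the function names, the 300-second window and the sample data are assumptions.

```python
from collections import defaultdict

# Constructed observations (not from the thread): (seconds, sender IP, sender MAC).
OBSERVED = [
    (0,     "192.0.2.1",  "00:00:5e:00:53:01"),   # gateway
    (5,     "192.0.2.25", "00:00:5e:00:53:0a"),
    (60,    "192.0.2.25", "00:00:5e:00:53:0a"),
    (61,    "192.0.2.25", "00:00:5e:00:53:66"),   # second MAC claims .25
    (62,    "192.0.2.1",  "00:00:5e:00:53:66"),   # and the gateway address
    (63,    "192.0.2.25", "00:00:5e:00:53:0a"),   # legitimate owner answers again
    (9000,  "192.0.2.40", "00:00:5e:00:53:11"),
    (90000, "192.0.2.40", "00:00:5e:00:53:12"),   # a day later: likely a new lease
]


def find_conflicts(observed, window_s=300):
    """Return (time, ip, old_mac, new_mac, kind) for every IP-to-MAC change.

    A change within window_s of the previous sighting is a "conflict"
    (two devices answering for one IP); a later change is a "rebind",
    which is what ordinary DHCP reassignment looks like.
    """
    last = {}      # ip -> (time, mac) of the most recent sighting
    alerts = []
    for t, ip, mac in sorted(observed):
        mac = mac.lower()
        if ip in last and last[ip][1] != mac:
            prev_t, prev_mac = last[ip]
            kind = "conflict" if t - prev_t <= window_s else "rebind"
            alerts.append((t, ip, prev_mac, mac, kind))
        last[ip] = (t, mac)
    return alerts


def multi_ip_macs(observed):
    """Return {mac: [ips]} for MAC addresses seen claiming more than one IP."""
    ips = defaultdict(set)
    for _, ip, mac in observed:
        ips[mac.lower()].add(ip)
    return {mac: sorted(found) for mac, found in ips.items() if len(found) > 1}


if __name__ == "__main__":
    for alert in find_conflicts(OBSERVED):
        print(alert)
    print(multi_ip_macs(OBSERVED))
```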
