Re: spoofing IP's in w2k

From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 01/07/03

• Next message: Karl Levinson [x y] mvp: "Re: closing a specific port"
• Previous message: oily timbers: "Access to C Drive"
• In reply to: Dennis Houchin: "spoofing IP's in w2k"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Karl Levinson [x y] mvp" <levinson_k@excite.com>
Date: Tue, 7 Jan 2003 11:23:20 -0500

... although unless you choose to only communicate with computers running
Microsoft-compatible IPSec and block everything else, spoofing is still
possible. Doing this on your computer would probably mean no web browsing,
no ICMP for pings or traceroutes, etc. This would probably not stop someone
from using spoofing to flood your computer with a DoS attack, since your
computer would still have to process all the packets it received.

Some firewalls will let you block someone from spoofing an IP address on
your internal network to make it look like a computer on the internet is
really on your internal network.

Not all attacks are possible through spoofing. Spoofing is more common with
attacks like denial of service and some kinds of port scans / enumeration
where the attacker does not care whether or not they get the responses back,
since getting a response back from a spoofed packet can be tricky. There
are attacks like the Kevin Mitnick attack / man in the middle that can do
more, but these are not the most common attack out there, especially in
today's Windows world which doesn't tend to use .RHOSTS files to grant
permissions to certain trusted IP addresses.

"Dennis Houchin" <Dennis@adhocis.com> wrote in message
news:004001c2b488$9c7bdbb0$8af82ecf@TK2MSFTNGXA03...
> Hi,
>
> Assuming that you have the appropriate tools, yes you can
> spoof your ip address with Win2k. NMAPWIN is one such tool.
>
> Since IPSEC is intolerant of any modification to the IP
> Header, once a valid encrypted IPSEC connection is
> negotiated, it would be impossible to spoof the ip address.
>
> Dennis
>
>
> >-----Original Message-----
> >can you spoof ip's in win2k? if not why not?can IPsec
> >prevent spoofing?
> >.
> >

---

• Next message: Karl Levinson [x y] mvp: "Re: closing a specific port"
• Previous message: oily timbers: "Access to C Drive"
• In reply to: Dennis Houchin: "spoofing IP's in w2k"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: Traces ... >have to be under attack. ... >to locate the attackers when spoofing is being employed. ... >Undeliverable messages come, come to me!! ... We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. ... (Security-Basics) Re: Is PortSentry really safe to use? ... A DoS can still be achieved by spoofing attack ... // Prelude IDS: http://www.prelude-ids.org/ ... (FreeBSD-Security) spoofing IPs in w2k ... can you spoof ip's in win2k? ... if not why not?can IPsec ... prevent spoofing? ... (microsoft.public.win2000.security) Firewall Log Eintrag ... kann mir vielleicht jemand erklären wieso ich ständig solche ip spoofing ... Einträge drin habe? ... 192.198.0.255:520 ATTACK ... wieso bin ich die source und destination? ... (microsoft.public.de.security.netzwerk.sicherheit) Re: IPSEC not blocking specific IP address per Ethereal ... > spammer trying to relay through me. ... This is an IPSEC issue. ... > overwhelmed with worms and spammers doing what amounts to a DOS attack ... IPsec is just one part of the security solution and is not a stop and ... (comp.security.firewalls)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)