Yeah.. sorry, I meant DNS spoofing.

However, you still can't spoof on most of the IRC servers today.

On Tue, 26 Dec 2000, Aviram Jenik wrote:

> IP Spoofing is not DNS spoofing. Actually, there's very little in common
> between the two attacks.
>
> In DNS Spoofing, you want people who type www.amazon.com to reach your web
> site (www.geocities.com/someplace/attacker.html). This way, you can build a
> web page that looks like Amazon and make people send you their credit cards
> thinking they just bought a Christmas present.
>
> IP spoofing means faking another person's IP address, usually for one of two
> reasons: Do something the other person can (for example: bypassing TCP
> Wrappers by entering an IP address that is allowed to telnet in) or to
> 'frame' someone by making a third party think the victim was the one who
> performed an attack (or in the example below, to curse someone on IRC and
> make everybody think it was someone else).
>
> How do we do IP spoofing:
> Like someone mentioned before, hping can be used to create arbitrary
> packets, which are good for the second attack (framing someone):
> http://www.securiteam.com/tools/HPing__a_network_analysis_tool.html
>
> This will not work, however, for TCP/IP sessions (like IRC). Unlike UDP, TCP
> requires you to maintain a complete session, which means for example that
> you need to acknowledge every packet you receive. Since you don't actually
> *receive* the packet (someone else does: The person whose IP you faked) you
> don't know the packet's sequence numbering and thus you can't acknowledge
> it. Things start to complicate here, as some OSes have weak sequence
> numbering and thus these numbers can be guessed (or rather 'brute forced')
> but I'll ignore this for now.
> To play a bit with TCP/IP spoofing and hijacking (the lovely attack where
> you take a live TCP/IP session between the victim and a remote server and
> continue it for them - for example, hijack a telnet session after the user
> has logged in), try hunt or juggernaut:
> http://www.securiteam.com/tools/Hunt__a_new_Hijacking_software.html
> http://www.securiteam.com/tools/Juggernaut__a_session_hijacking_tool.html
>
> Try to run it on a victim on your local network (if your network is not
> switch based but rather hub based) and you'll have a lot of fun. Note that
> you need to be able to 'sniff' the responses in order for the hijacking to
> work.
>
> nmap (www.insecure.org/nmap) has a nice port scanning mode where you give IP
> addresses of 'decoys' and nmap spoofs port scans from them. This can be used
> to 'frame' someone you hate, but also makes it very difficult for the system
> administrator to know who really scanned him (imagine being scanned by 100+
> machines: Now you have to find out which one of them is the one who actually
> scanned you).
>
>
> How to do DNS Spoofing:
>
> The most common way is 'cache poisoning'. I won't write the whole
> explanation of it, since it's available in the link below:
> http://www.securiteam.com/windowsntfocus/DNS_Spoofing_and_Windows_NT_DNS.html
> (NOTE: URL might be wrapped)
>
> The explanation is about Windows NT DNS, but it is mostly true for Linux as
> well.
>
>
> - Aviram
>
>
> ----- Original Message -----
> From: "Sagi Bashari" <[EMAIL PROTECTED]>
> To: "Tizmo" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Tuesday, December 26, 2000 7:53 PM
> Subject: Re: spoofing DNS..
>
>
> > Tizmo,
> >
> > You cannot spoof your IP on IRC today. IRC works on TCP, not spoofable.
> > there used to be a way to spoof by exploiting some hole in old versions
> > of bind, but 99% of the DNS Servers today are patched.
> >
> > .. just leave it.
> >
> > On Tue, 26 Dec 2000, Tizmo wrote:
> >
> > > lets say i want to connect to an irc server with a spoofed ip, can i do it ?
> > > or i want to surf the web not with my real ip..
> > > if i and if i cant tell me how can i send pings with a spoofed ip .. and
> > > what is hping2 ?
> > >
> > > ----- Original Message -----
> > > From: <[EMAIL PROTECTED]>
> > > To: "'Tizmo'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > > Sent: Tuesday, December 26, 2000 6:35 PM
> > > Subject: RE: spoofing DNS..
> > >
> > >
> > > >
> > > > depends what you want to do with it...
> > > > don't forget that sending packets from a spoofed ip, will result in no
> > > > replies...
> > > > if you want to do a spoof icmp or udp attacks you can use hping2 for
> > > > instance...
> > > > question still stands, what are you trying to accomplish?
> > > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Tizmo
> > > > Sent: Tuesday, December 26, 2000 6:24 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: spoofing DNS..
> > > >
> > > >
> > > > i mean spoofing my ip
> > > > ----- Original Message -----
> > > > From: "Eddie Harari" <[EMAIL PROTECTED]>
> > > > To: "'Tizmo'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > > > Sent: Tuesday, December 26, 2000 2:24 PM
> > > > Subject: RE: spoofing DNS..
> > > >
> > > >
> > > > > what exactly do you mean by spoofing DNS ,
> > > > >
> > > > >  reply to requests that came to your dns server with fault data ???
> > > > >  or spoof your IP ?
> > > > >
> > > > > -----Original Message-----
> > > > > From: Tizmo [mailto:[EMAIL PROTECTED]]
> > > > > Sent: Tuesday, December 26, 2000 12:24 PM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: spoofing DNS..
> > > > >
> > > > >
> > > > > hey list,
> > > > > > i heard about spoofing dns in linux .. like, changing your ip address to
> > > > > > what ever you like it to be.
> > > > > > i just wanted to know if it's true and if it is i really would like to know
> > > > > > how it can be done.
> > > > > thanks.
> > > > >
> > > > >
> > > > > =================================================================
> > > > > To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > > > the word "unsubscribe" in the message body, e.g., run the command
> > > > > echo unsubscribe | mail [EMAIL PROTECTED]
> > > > >
> > > > > =================================================================
> > > > > To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > > > the word "unsubscribe" in the message body, e.g., run the command
> > > > > echo unsubscribe | mail [EMAIL PROTECTED]
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> > >
> >
> >                _
> >  ___ __ _ __ _(_) Sagi Bashari
> > (_-</ _` / _` | | - [EMAIL PROTECTED]
> > /__/\__,_\__, |_|
> >          |___/
> >
> >
> >
> >
>
>

               _
 ___ __ _ __ _(_)       Sagi Bashari
(_-</ _` / _` | |        - [EMAIL PROTECTED]
/__/\__,_\__, |_|
         |___/
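
Added example, not part of the original thread: a toy in-memory model of the TCP handshake point quoted above, showing that the server accepts the final ACK only from a party that saw its initial sequence number (ISN). The fixed-step generator is a constructed stand-in for "weak sequence numbering"; all names and addresses are hypothetical and no packets are sent.

```python
import secrets

MASK = 0xFFFFFFFF  # TCP sequence numbers are 32-bit and wrap

class Server:
    """Toy listener: remembers the ISN it sent to each claimed source address."""
    def __init__(self, isn_source):
        self.isn_source = isn_source   # callable returning the next ISN
        self.half_open = {}            # claimed source -> server ISN

    def on_syn(self, src, client_isn):
        isn = self.isn_source() & MASK
        self.half_open[src] = isn
        # The SYN/ACK is delivered to the claimed source, not to the real sender.
        return {"to": src, "seq": isn, "ack": (client_isn + 1) & MASK}

    def on_ack(self, src, ack):
        # Handshake completes only if the ACK echoes the server's ISN + 1.
        isn = self.half_open.pop(src, None)
        return isn is not None and ack == (isn + 1) & MASK

def random_isn():
    """Unpredictable 32-bit ISN (the mitigation)."""
    return secrets.randbits(32)

def counter_isn(start=1000, step=64000):
    """Constructed weak generator: ISN advances by a fixed step per connection."""
    state = [start]
    def gen():
        value, state[0] = state[0], state[0] + step
        return value
    return gen

def own_handshake(server, addr):
    """Real owner of addr: receives the SYN/ACK, so it can echo seq + 1."""
    reply = server.on_syn(addr, client_isn=secrets.randbits(32))
    return server.on_ack(addr, (reply["seq"] + 1) & MASK)

def forged_source_handshake(server, claimed, own_addr, assumed_step):
    """A sender claiming another address never sees that SYN/ACK; it can only
    extrapolate from an ISN it received on a connection from its own address."""
    seen = server.on_syn(own_addr, client_isn=1)["seq"]
    server.on_syn(claimed, client_isn=1)       # reply goes to `claimed`
    return server.on_ack(claimed, (seen + assumed_step + 1) & MASK)

if __name__ == "__main__":
    a, b = ("192.0.2.10", 40000), ("198.51.100.7", 40001)  # documentation ranges
    print("owner, random ISN:   ", own_handshake(Server(random_isn), a))
    print("forged, fixed-step:  ", forged_source_handshake(Server(counter_isn()), a, b, 64000))
    print("forged, random ISN:  ", forged_source_handshake(Server(random_isn), a, b, 64000))
```
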

