Kylie4
join:2005-04-01

Kylie4

Member

[Virus] IP spoofing

Is it possible to spoof an IP? My friend is getting a message popping up an error message that they have a conflict with another IP address, which they thought was a virus at first.

The problem is, it shows their IP logging into 4 other accounts and deleting someone's page. They insist they did not do this and I believe them. I am wondering if this message they have been getting is someone hacking on to their computer and using their IP.

lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone

lilhurricane

Numquam oblita

Moving to Security...

AVD
Respice, Adspice, Prospice
Premium Member
join:2003-02-06
Onion, NJ

1 recommendation

AVD to Kylie4

Premium Member

to Kylie4
said by Kylie4:

Is it possible to spoof an IP?

yes
said by Kylie4:

My friend is getting a message popping up an error message that they have a conflict with another IP address, which they thought was a virus at first.

could be a network configuration error.
said by Kylie4:

The problem is, it shows their IP logging into 4 other accounts and deleting someone's page. They insist they did not do this and I believe them. I am wondering if this message they have been getting is someone hacking on to their computer and using their IP.

yes
voxframe
join:2010-08-02

voxframe to Kylie4

Member

to Kylie4
More to the point it is probably someone stealing their wireless signal.

Kylie4
join:2005-04-01

Kylie4

Member

said by voxframe:

More to the point it is probably someone stealing their wireless signal.

Maybe, but this person is accused of logging on to 4 people's accounts that they knew. Unlikely a random person would go through the effort to frame them.
SipSizzurp
Fo' Shizzle
Premium Member
join:2005-12-28
Houston, TX

SipSizzurp

Premium Member

said by Kylie4:

Unlikely a random person would go through the effort to frame them.

It is infinitely more unlikely that a virus would randomly guess the login credentials of 4 friends' webpages.

Kylie4
join:2005-04-01

Kylie4

Member

true, but could someone who knew the ip addy spoof it?
TheWiseGuy
Dog And Butterfly
MVM
join:2002-07-04
East Stroudsburg, PA

1 edit

TheWiseGuy

MVM

Not easily; most IP spoofing you hear about is one-way, as part of a DDoS. When you spoof an IP, unless you can somehow see the return packets via a "man in the middle" where you can somehow intercept return packets sent to the specific IP you are spoofing, you basically end up with a one-way conversation, and most Internet activity would be via TCP, which requires a two-way conversation.

Edit: Much more likely, as has been said, that it is someone they know using their wi-fi. It would help to be sure, to know what type of network set-up they have and what type of ISP.
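
The one-way conversation described in the post above, as an added sketch that is not part of the original thread: a toy model of the TCP three-way handshake in which the server's SYN-ACK is routed to the claimed source address. The class and function names and the documentation-range addresses are made up for illustration.

```python
import secrets

MOD = 2**32  # TCP sequence numbers are 32-bit

class Server:
    """Toy TCP listener: every reply goes to the source address the packet claims."""
    def __init__(self):
        self.half_open = {}       # (ip, port) -> server ISN waiting for the final ACK
        self.established = set()

    def on_syn(self, src_ip, src_port, client_isn):
        server_isn = secrets.randbits(32)   # unpredictable initial sequence number
        self.half_open[(src_ip, src_port)] = server_isn
        return {"dst": src_ip, "seq": server_isn, "ack": (client_isn + 1) % MOD}

    def on_ack(self, src_ip, src_port, ack):
        key = (src_ip, src_port)
        if key not in self.half_open or ack != (self.half_open[key] + 1) % MOD:
            return False          # the ACK must echo the server's ISN + 1
        del self.half_open[key]
        self.established.add(key)
        return True

def handshake(server, sender_ip, claimed_ip, port=40000):
    """Run a handshake from sender_ip using claimed_ip as the source address.
    Returns (established, ip_that_received_the_syn_ack)."""
    synack = server.on_syn(claimed_ip, port, secrets.randbits(32))
    receiver = synack["dst"]      # routing follows the destination address
    if receiver != sender_ip:
        # The sender never sees the server's sequence number, so it has nothing
        # valid to acknowledge; the connection stays half-open on the server.
        return False, receiver
    return server.on_ack(claimed_ip, port, (synack["seq"] + 1) % MOD), receiver

if __name__ == "__main__":
    srv = Server()
    print(handshake(srv, "203.0.113.5", "203.0.113.5"))    # honest source address
    print(handshake(srv, "198.51.100.9", "203.0.113.77"))  # source address not owned
```

A login followed by page edits needs an established connection, which in this model only the host that actually receives traffic for the logged address can complete.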

EGeezer
Premium Member
join:2002-08-04
Midwest

2 recommendations

EGeezer to Kylie4

Premium Member

to Kylie4
said by Kylie4:

Is it possible to spoof an IP? My friend is getting a message popping up an error message that they have a conflict with another IP address,

What device/system is popping up the message?

it shows their IP logging into 4 other accounts and deleting someones page.

What is "it"? This log is coming from where?

Is it a wireless network? If so, how is it secured/encrypted?

At this point, my guess is that somebody got physical access to the PC and used it, or, more likely, somebody accessed the network using MAC spoofing to bypass filtering.

Kylie4
join:2005-04-01

Kylie4 to TheWiseGuy

Member

to TheWiseGuy
Thanks for your replies.

I am a little disappointed in someone, I was hoping to find a way to prove them innocent.
TheWiseGuy
Dog And Butterfly
MVM
join:2002-07-04
East Stroudsburg, PA

1 recommendation

TheWiseGuy

MVM

Well, as I said in my last edit, to be sure we would need to know the type of ISP and the network set-up, but with most ISPs and network set-ups it is not going to be possible to simply spoof someone's IP to use as you have indicated.

EGeezer's questions are good ones, as are his points that it could be someone using his PC or that there is some possibility of someone using MAC spoofing.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy to Kylie4

Premium Member

to Kylie4
said by Kylie4:

I am a little disappointed in someone, I was hoping to find a way to prove them innocent.

Your disappointment has probably been earned by whoever it is, although that's only a guess on my part.
If they were accused of attacking a nuclear power plant in Iran I'd think otherwise, but the malicious activity is just too close to home to offer any other plausible explanation.
The setup involved to purposefully frame your friend is beyond what I'd consider plausible for the end game.
Stopping that activity is the best solution; using a proxy is the 2nd best option.
08034016 (banned)
Hallo lisa Aus Amerika
join:2001-08-31
Byron, GA

08034016 (banned) to Kylie4

Member

to Kylie4
said by Kylie4:

Is it possible to spoof an IP? My friend is getting a message popping up an error message that they have a conflict with another IP address, which they thought was a virus at first.

The problem is, it shows their IP logging into 4 other accounts and deleting someone's page. They insist they did not do this and I believe them. I am wondering if this message they have been getting is someone hacking on to their computer and using their IP.

Here's a good read.
»www.symantec.com/connect ··· oduction

»en.wikipedia.org/wiki/IP ··· spoofing

EGeezer
Premium Member
join:2002-08-04
Midwest

1 edit

EGeezer to TheWiseGuy

Premium Member

to TheWiseGuy
The MAC spoofing scenario would be consistent with the IP address conflict message. MAC filtering is at best useless as a method to prevent unauthorized access. ( see »www.zdnet.com/blog/ou/th ··· s-lan/43 )

Anyone with basic sniffing tools can trap wireless traffic and glean authorized MAC addresses while they're connected. Here's how I see it; corrections in my technical analysis are welcome:

The router is probably set up as a DHCP server. Seeing the spoofed MAC address on a connection request, the router checks its tables and assigns the last IP used by that MAC address.

The second PC with the same MAC could then be fed or use from its cache the same IP. Windows would then generate an IP conflict message to that PC at connection time.

Of course, it's just a guess based on my assumptions given the lack of specific information provided.
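
A defender-side check for the DHCP scenario in the post above, as an added example that is not part of the original thread: it scans a router's DHCP log for one MAC address being granted leases under more than one client hostname. It assumes the router writes dnsmasq-style DHCPACK lines and that clients send a hostname; the sample log, addresses and names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in dnsmasq's DHCPACK log layout (addresses and names are made up)
SAMPLE_LOG = """\
Mar  3 18:02:11 dnsmasq-dhcp[812]: DHCPACK(br0) 192.168.1.23 00:1a:2b:3c:4d:5e FAMILY-PC
Mar  3 18:05:40 dnsmasq-dhcp[812]: DHCPACK(br0) 192.168.1.31 00:aa:bb:cc:dd:01 printer
Mar  3 21:47:09 dnsmasq-dhcp[812]: DHCPACK(br0) 192.168.1.23 00:1A:2B:3C:4D:5E netbook
Mar  3 21:52:30 dnsmasq-dhcp[812]: DHCPACK(br0) 192.168.1.23 00:1a:2b:3c:4d:5e FAMILY-PC
Mar  4 07:15:02 dnsmasq-dhcp[812]: DHCPACK(br0) 192.168.1.31 00:aa:bb:cc:dd:01 printer
"""

ACK = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*DHCPACK\(\S+\) "
    r"(?P<ip>\d+\.\d+\.\d+\.\d+) (?P<mac>[0-9A-Fa-f:]{17})(?: (?P<host>\S+))?$"
)

def parse_acks(text):
    """Yield (timestamp, ip, mac, hostname) for every DHCPACK line."""
    for line in text.splitlines():
        m = ACK.match(line)
        if m:
            yield m["ts"], m["ip"], m["mac"].lower(), m["host"] or ""

def shared_macs(text):
    """Return {mac: [(timestamp, ip, hostname), ...]} for MACs that were
    granted leases under more than one client hostname."""
    seen = defaultdict(list)
    for ts, ip, mac, host in parse_acks(text):
        seen[mac].append((ts, ip, host))
    return {mac: events for mac, events in seen.items()
            if len({h.lower() for _, _, h in events if h}) > 1}

if __name__ == "__main__":
    for mac, events in shared_macs(SAMPLE_LOG).items():
        print(mac)
        for ts, ip, host in events:
            print(f"  {ts}  {ip}  {host}")
```

A client that sets its address statically never requests a lease, so it will not appear in this log at all.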

AVD
Respice, Adspice, Prospice
Premium Member
join:2003-02-06
Onion, NJ

AVD

Premium Member

said by EGeezer:

The MAC spoofing scenario would be consistent with the IP address conflict message. MAC filtering is at best useless as a method to prevent unauthorized access. ( see »www.zdnet.com/blog/ou/th ··· s-lan/43 )

Anyone with basic sniffing tools can trap wireless traffic and glean authorized MAC addresses while they're connected. Here's how I see it; corrections in my technical analysis are welcome:

The router is probably set up as a DHCP server. Seeing the spoofed MAC address on a connection request, the router checks its tables and assigns the last IP used by that MAC address.

The second PC with the same MAC could then be fed or use from its cache the same IP. Windows would then generate an IP conflict message to that PC at connection time.

Of course, it's just a guess based on my assumptions given the lack of specific information provided.

It's a lot of work when you can just spoof both the MAC address and assign a fake IP address without even going through the DHCP server.

EGeezer
Premium Member
join:2002-08-04
Midwest

EGeezer

Premium Member

said by AVD:

It's a lot of work when you can just spoof both the MAC address and assign a fake IP address without even going through the DHCP server.

Good point, and more likely than the DHCP way - grab the MAC and IP, configure the NIC's TCP/IP settings and go play, sniff traffic, hack or whatever else one might want to do.
TheWiseGuy
Dog And Butterfly
MVM
join:2002-07-04
East Stroudsburg, PA

1 recommendation

TheWiseGuy to EGeezer

MVM

to EGeezer
In any case, what we are talking about is a breach of a wireless network. Assuming NAT and not separate IPs behind the router, and assuming the hacked accounts were on the Internet, the public IP in the logs would not be spoofed; it would simply be the IP of the router.