IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [spoofing]

A kind of attack in which one system, program, or user successfully masquerades as another.

Spoofing attacks involve tricking or deceiving computer systems or other computer users. Spoofing can be carried out in several different ways. Some common attacks are:

  • IP spoofing: Creating IP packets with a forged IP address.
  • ARP spoofing: Creating ARP packets with an invalid IP-MAC pair. It is used to carry out MITM.
  • E-mail spoofing: Sending an e-mail with a spoofed IP address.

There are many other attacks that involve spoofing e.g. caller ID spoofing, DNS spoofing.

287 questions
171
votes
10 answers

Should I be concerned if the "FBI" has logged onto my Ubuntu VPS?

Yesterday, I was performing a bit of general maintenance on a VPS of mine, using the IPMI console my host provided. Upon setting up SSH keys again via the IPMI console, I logged in via SSH and was shocked to see this: Welcome to Ubuntu 14.04.2 LTS…
lol what is this
  • 1,551
  • 2
  • 9
  • 11
82
votes
1 answer

Is Starbucks spoofing me?

When I connected to Starbucks's Wi-Fi, I got a security alert from MS Outlook that looks like this: I looked up secure.datavalet.io, but there's no mention of this thing anywhere. This does not appear when I use my mobile, home, or work Internet.…
Nomenator
  • 799
  • 1
  • 5
  • 6
57
votes
7 answers

How can caller ID be faked?

My late brother was contacted by someone on landline number operated by a carrier in Australia and which displayed on caller ID. I traced the number to a company and though they did call him on a number of occasions from this number over a couple of…
stumped
  • 539
  • 1
  • 4
  • 4
47
votes
4 answers

Someone called someone else with my phone number

Sequence of events: I didn't touch my phone all day (at work, busy day, know it didn't even come out of my pocket, but was on). 5:20pm I get a call by a guy asking me who I am and why I called him at 2pm. Tell him I didn't call him. Immediately…
VSO
  • 523
  • 1
  • 5
  • 10
41
votes
2 answers

How easy is it really to do IP spoofing?

I read a lot about IP spoofing but I am not sure how easy it is really to do. Let's say I am in Spain, can I somehow connect to a server in the US with an IP address that is allocated to Mexico? Won't the routers simply refuse to forward my traffic?…
graffe
  • 587
  • 1
  • 4
  • 8
41
votes
4 answers

How could a public DNS server return bad results?

I live in a country which is under many sanctions. Both internal sanctions (government on people) and external sanctions (US on our people). In our country, YouTube, Twitter, Facebook and many other sites are blocked by default and we can only…
AlwaysLearner
  • 499
  • 4
  • 6
35
votes
5 answers

Is it possible to spoof an IP address to an exact number?

The title says it all really. Say my IP address was 1.2.3.4 and I wanted to change or 'spoof' it so that its exactly 2.3.4.5, would this be possible or are there too many varying factors that need to be taken into account before getting a definitive…
James
  • 453
  • 1
  • 4
  • 6
28
votes
2 answers

Why is "hovering over" a link in an email considered safe? Or is it harmful?

We are using a browser based email client and the email content is in HTML. One of my employers told us that if we receive a suspicious email with links, we have to hover over the link (to check that it is not spoofed) before clicking it. Hovering…
JOW
  • 2,319
  • 2
  • 16
  • 24
28
votes
2 answers

List of visually similar characters, for detecting spoofing and social engineering attacks

I'm trying to detect homograph attacks and other attacks where an attacker uses a spoof domain name that looks visually similar to a trusted domain name (e.g., bankofthevvest.com instead of bankofthewest.com). Is there a dictionary or database of…
D.W.
  • 98,420
  • 30
  • 267
  • 572
26
votes
5 answers

Bank asked for a cross login?

I was creating a new bank account here in the US at HSBC's popular online bank... You know the step where you have to verify the account you're sending from, by receiving two small test payments? I was astounded to see HSBC have a new system: You…
Fattie
  • 263
  • 2
  • 10
25
votes
3 answers

How wise is it to use a tool for portspoofing at your server to confuse attackers?

I came across this tool recently https://github.com/drk1wi/portspoof How efficient will it be to use it to confuse hackers doing port scanning? If it's actually going to be pretty efficient, why hasn't it caught up so far? That is, 189 stars for 5…
jerry
  • 365
  • 3
  • 4
24
votes
1 answer

How can I spoof a phone call and make it appear to come from another phone?

I'm performing a penetration test against a company. Part of my social engineering procedure is to contact the IT department and try to convince them to that I'm an employee in the company and get them to reveal some sensitive information including…
Adi
  • 43,808
  • 16
  • 135
  • 167
23
votes
6 answers

How to be mean to some people that stole my phone

My iPhone was stolen a couple of weeks ago and I started receiving the following messages on my recovery secondary number that I provided with Find My iPhone: The URLs…
Lino Velev
  • 359
  • 2
  • 4
20
votes
3 answers

Is it possible to make a phone call appear to come from another phone, even to the network provider?

Quick Question Is it possible that I could call a mobile number, but have the call forwarded through another number active on a different phone that someone else has? I have had unlimited access to the other person's phone prior to this. Is there…
Peanut
  • 1,019
  • 1
  • 8
  • 22
18
votes
3 answers

Somebody is spoofing my email to send spam messages, and I have no idea how to block

Someone is using my Google Apps Email ID to send spam messages and I've received 2000+ undelivered and autorespond emails. I have no idea how to block this because the spammer is also using my email as reply-to email. If you have any previous…
Surjith S M
  • 289
  • 2
  • 5
1
2 3
19 20