Questions tagged [spoofing]

Spoofing is when a person or program impersonates another.

Spoofing can be used to gain an illegitimate advantage by masquerading as a legitimate party. Some common forms of spoofing are:

  1. IP Spoofing: Specially crafted TCP/IP packets with a forged source IP address. It can be used to perform a DoS attack by sending them to an "open" NTP/DNS server.
  2. ARP Spoofing: Specially crafted ARP reply messages with a forged MAC address. It can be used to perform a MITM attack.
  3. Email Spoofing: Specially crafted email with a forged sender address and/or a forged email header. It can be used to perform phishing or spamming.

Other spoofing activities include HTTP header spoofing, Caller ID spoofing, GPS spoofing and others.

123 questions
70 votes, 15 answers

Are IP addresses "trivial to forge"?

I was reading through some of the notes on Google's new public DNS service: Performance Benefits Security Benefits I noticed under the security section this paragraph: Until a standard system-wide solution to DNS vulnerabilities is universally…
Jeff Atwood
28 votes, 4 answers

Can the IP address for an HTTP request be spoofed?

On a website I am building, I plan to log the IP addresses of submissions, just in case it's necessary. I don't mind proxies, but outright spoofing your IP address would defeat the purpose. To perform a complete GET action, (regardless of whether…
TND
11 votes, 1 answer

How to prevent IP spoofing using MAC and ebtables?

I am trying to create IP-MAC pairing rules in ebtables. There are few tutorials and related questions [1] available but I have a kind of specific setting. ENVIRONMENT: I have many physical hosts. Each host has few ethernet cards, joined in bond and…
Martin
10 votes, 6 answers

How reliable are IP address-based firewall restrictions?

On some of my production systems that need to be accessible outside of the LAN I will sometimes add a firewall restriction at the edge to only permit traffic on, say, RDP from a specific origin IP address or block. Of course, the IP needs to be…
tacos_tacos_tacos
7 votes, 1 answer

Does postfix reject spoofed senders?

Is there a reliable way to reject incoming mails with a spoofed e-mail address? What kind of checks does postfix run normally on incoming mails? Does postfix check the reverse DNS by default? Does postfix have any other checks built-in and…
lszrh
7 votes, 3 answers

How to prevent ip spoofing within iptables?

My Apache web-server on Linux is being flooded by massive requests for a non-existent file. The immediate impact is the rapid growth of the access & error log. I already took care of this by not logging these requests (if it matched the particular…
user59555
6 votes, 1 answer

Is it possible to override a single domain name using dnsmasq?

I have a server application that I'm running two instances of, production and development, namely: prod.example.com (10.0.0.1) dev.example.com (10.0.0.2) A third-party has written a client application which has been hardcoded to point to…
Matt
6 votes, 5 answers

Any way I can correct DNS spoofing against our domain

This morning I found out that our domain and subdomains have been poisoned on the 4.2.2 and 4.2.2.1 DNS servers along with others I think, though I have not confirmed others yet. Using OpenDNS resolution works correctly. I have updated our local DNS…
brandon
5 votes, 1 answer

How can I prevent spoofed emails from outside thats using my internal accepted domain

I'm receiving spam emails sent from my own domain to my own domain. I'm using Exchange 2013. Example: myemail@mydomain.com is being used to send spam to myemail@mydomain.com. I can successfully replicate the issue by telnetting to the server from…
5 votes, 4 answers

MAC address spoofing - why doesn't this work?

So I'm in a new job, and they're pretty draconian about their network, hardware, and OS security. :-( I'm a web developer, but am forced to use IE7 for development simply because they don't want ANYone installing ANYthing other than the…
loneboat
4 votes, 2 answers

Wrong DNS answer with CNAME and A Record at the same time

We had a customer who has set a CNAME record for his domain. Somehow he managed to set an A record too, which should not be possible and is forbidden by DNS. But the result was: $ dig @ns1.your-server.de tippspiel-bl1.unternehmen-frische.de…
Janning
3 votes, 0 answers

Using DMARC techniques to block Backscatter

We run a small email (receiving not bulk sending) service (~ 300 domains or so) for our customers and are just starting to introduce DMARC. One of the reasons for doing so is to help stop backscatter (NDRs for emails that weren't sent) by helping…
Rob Lambden
3 votes, 1 answer

Exchange not checking SPF record for own domain

I have an interesting issue with Exchange where it appears to check and stamp spoofed messages from external domains but not ones it has set up to send from. For example I can spoof a message from 1@example.com where example.com has a valid SPF…
3 votes, 1 answer

Dovecot Sieve allows spoofing through LMTP

I have set up Postfix to block spoofing your email (you can only send emails as yourself): smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch I have set up Sieve and ManageSieve on the server. My users can now configure…
Friend of Kim
3 votes, 1 answer

"From:" e-mail header spoofing - how to verify such mail?

I'm facing a problem of verifying a "From:" message field in e-mail messages, in terms of e-mail spoofing. I am currently using SPF and DKIM to verify the origin and integrity of messages, but as far as I can work out, SPF only validates the…
gds.jerry