Questions tagged [spoofing]

Spoofing is when a person or program impersonates another.

Spoofing can be used to gain an illegitimate advantage by masquerading as a legitimate party. Some common types of spoofing are:

  1. IP spoofing: Specially crafted TCP/IP packets with a forged source IP address. It can be used to perform a DoS attack by sending them to "open" NTP/DNS servers.
  2. ARP spoofing: Specially crafted ARP reply messages with a forged MAC address. It can be used to perform a MITM attack.
  3. Email spoofing: Specially crafted email with a forged sender address and/or forged email headers. It can be used for phishing or spamming.

Other spoofing activities include HTTP header spoofing, caller ID spoofing, GPS spoofing and others.

123 questions
3 votes, 2 answers

If I use iptables to allow TCP connections only from a specific IP, can it be faked?

An iptables rule on my database server is: -A INPUT -p tcp --dport 6432 -s 10.115.0.150 -j ACCEPT I have other rules (loopback, etc.), but I'm wondering if that specific rule can be "hacked". Can somebody just "spoof" the IP address (even though…
orokusaki
3 votes, 1 answer

How did this email bypass my SPF settings?

I received a phishing email this morning that appeared to come from one of my addresses to itself. Looking at the headers, I found something interesting. DomainKey-Status: no signature X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on …
SuperMykEl
3 votes, 3 answers

How to Limit the Damage of Domain Spoofing

My e-mail account, for my privately run business which I'll call "VeryCoolCompany", is starting to receive bounce-backs for users who don't exist, like these: alan12ab1@verycoolcompany.com dietskra44-hey@verycoolcompany.com In short, somebody is…
Brent Arias
3 votes, 2 answers

Linux-KVM / iptables: prevent guest spoofing by matching ip+mac address on bridge?

I have my KVM guests on a standard br0 bridge setup: auto br0 iface br0 inet static address 192.168.1.117 netmask 255.255.255.0 network 192.168.1.1 broadcast 192.168.1.225 gateway 192.168.1.1 bridge_ports eth0 bridge_stp off …
Matt
3 votes, 2 answers

Stop spoof emails in Google Apps

Desperately need some help here. I've been using Google Apps for my domain (2qubed.co.uk) for over 2 years now with no problems at all until recently. For the past few months I have been getting lots of bounced emails from my domain that I never…
hems77
3 votes, 2 answers

Googlecast SSDP and MDNS queries on network despite not having any chromecast applications installed in main computer

As the title states, I've detected some MDNS queries from a googlecast address, which is strange since I don't have any googlecast apps or similar installed. Additionally, my PC is sending SSDP packets to 239.255.255.250 (subnet?) regarding 'M-Search:…
N S
2 votes, 1 answer

Rewrite email (RFC822) From address to match MAIL FROM (RFC821) envelope address postfix

I'm taking steps to harden my outgoing postfix SMTP server. I want to prevent users from spoofing their sender address. When sending email with postfix SMTP the sender is identified in three ways: In the email itself there is a From: header - as…
Philip Couling
2 votes, 1 answer

Prevent from being spoofed by sendgrid

Recently we received an odd mail coming from adress1@company.com to address2@company.com. The problem is that address1 didn't send any email to address2. The email was sent using sendgrid. Sendgrid has to be in our SPF due to the use of freshdesk…
Diogo Jesus
2 votes, 2 answers

SpamAssassin, Postfix, and Multiple Addresses in From Header

I'm working on a problem that I'm seeing with an email scanning server (MailScanner, Spamassassin, Postfix, etc.), and From header spoofing. Unfortunately, some of the versions of these components are old, so this may be a bug in one or more of…
2 votes, 1 answer

Checking SMTP headers for spoofed email (did client authenticate?)

I have been using rackspace email service, and I am finding that rogue emails are seemingly coming from harry@mydomain.com to james@mydomain.com but were never actually sent by that user. As per rackspace this email was sent via harry@mydomain.com…
morleyc
2 votes, 2 answers

Can IP spoofed traffic get above the transport layer?

I'd like to know whether you could get packets with a spoofed IP address above the transport layer. My thoughts are: TCP: No, as acknowledgements would never get to the original sender if their IP was spoofed. A session couldn't be set up so…
Ray2k
2 votes, 1 answer

Using SPF for spoof protection

I'm trying to work through properly configuring SPF for my domain. We have two MX servers that only receive mail, and two outbound relay servers which we expect to list in our SPF record. We also have a mail server in a subdomain called…
Alex Regan
2 votes, 2 answers

Reject obviously spoofed messages in Exchange 2007 SP2

I have an Exchange 2007 SP2 server which happily accepts SMTP messages whose sender is SomeRandomString@mydomain.com and the recipient is SomeRealUser@mydomain.com; this leads to all sort of spoofing and spam. Is there any way I can tell Exchange…
Massimo
2 votes, 2 answers

How to spoof an IP for application that needs this particular IP?

In general, such a problem, there is a system RHEL 6.4 Server with a pair of network interfaces combined into one by bonding. This system IP address: 10.7.7.1. Next on the system running an application that needs to connect to the MySQL-server…
abg
2 votes, 1 answer

Prevent mail server (sendmail) used to backscatter

Hi, I recently got an email from Amazon saying that my EC2 instance is sending spam. So what they say is my mail server is receiving email for a non-existing user and therefore bounces the email back without validating the source netrange. So to my…
Xavier_Ex