Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [spoofing]

Spoofing is an activity when a person or program try to impersonates itself as another.

Spoofing can be used to gaining an illegitimate advantage by masquerading itself as legitimate party. Some common spoofing are:

  1. IP Spoofing: Special crafted TCP/IP packet with forged source IP address. It can be used to perform DOS attack by sending it to "open" NTP/DNS server.
  2. ARP Spoofing: Special crafted ARP reply messages with forged MAC Address. It can be used to perform MITM attack.
  3. Email Spoofing: Special crafted email with forged sender address and/or forged email header. It can be used to perform phising or spamming.

Another spoofing activities are: HTTP header spoofing, Caller ID spoofing, GPS spoofing and others.

123 questions
2
votes
2 answers

Different Mac address to virtual interface and primary interface

I am developing a system, where I need virtual interface to have different mac address for my primary and virtual interface lets say my mac for eth0 is 00:11:00:11:00:11 and my virtual interface is eth0:0 by default eth0:0 have mac address…
sanketmlad
  • 183
  • 3
  • 9
1
vote
3 answers

How to avoid DNS spoofing for DNS lookup

I am trying to find a way to obtain the real ip addresse(s) for a domain name. I'm working on a router doing traffic shaping with the use of iptables and tc. I then need to setup iptables rules for marking packets coming from certain domains, using…
Mulot
  • 484
  • 4
  • 10
1
vote
1 answer

How to stop Backscatter (NDR) from spoofed Mail address?

some one is sending mails from a spoofed mail account from our domain (randomname@ourdomain.com) to hundreds, sometimes thousands of non existant russian E-Mail addresses. The web hosts send out NDRs to the non existant address on our server,…
Rimini
  • 31
  • 4
1
vote
1 answer

Spoofing/Spam received from GSuite alias accounts

The company currently have 2 domains registered: "dom1.com" and "dom1.com.ex". "dom1.com" is hosted and is the main domain associated on our GSuite account to create user accounts to send mails, "dom1.com.ex" is an active domain for e-mail aliases…
Loki
  • 13
  • 3
1
vote
2 answers

How config Exim4 to accept only authenticated sender

How can I setup Exim to accept only authenticated email from managed domain address? I'm receiving spoofed email.. from myself.
Tobia
  • 1,210
  • 8
  • 37
  • 73
1
vote
1 answer

Possibility of detecting MAC address spoofing in a decentralized network?

The paper that has been published here: https://dl.acm.org/citation.cfm?id=3282283 proposes a consensus algorithm based on distributed voting process in which it claims that it would be possible to detect (and not prevent) MAC address change using…
Questioner
  • 111
  • 4
1
vote
2 answers

Cloudflare "Access" service real security

Cloudflare Access is a new attractive feature from Cloudflare, based more or less on Google's BeyondCorp (a reverse-proxy with login which should replace VPN in accessing internal network applications). I am concerned about how secure their…
Miro
  • 151
  • 6
1
vote
1 answer

RDP Server under attack; IP address used is our server address

I have setup a Windows 2016 server for remote desktop access, and installed RDPGuard to block brute force attacks. This worked well for a few days and RDPGuard blocked out a number of IP addresses. However a few days ago I noticed RDPGuard skipped…
Laurence
  • 11
  • 2
1
vote
2 answers

Iptables rules to prevent IP Spoofing

We had following below iptables rules that exist in our web front-end boxes to prevent IP Spoofing: -A INPUT -s 255.0.0.0/8 -j LOG --log-prefix "Spoofed source IP" -A INPUT -s 255.0.0.0/8 -j DROP -A INPUT -s 0.0.0.0/8 -j LOG --log-prefix "Spoofed…
Zama Ques
  • 443
  • 1
  • 8
  • 24
1
vote
1 answer

ARP spoofing on switch across subnets

Consider a switch without any VLAN's defined with 2 subnets configured. Is it possible to ARP spoof from one subnet to another? According to Evans reply in What are the implications of having two subnets on the same switch? that should not be…
fliX
  • 111
  • 3
1
vote
4 answers

Setting up an SPF record for a shared hosting service with lots of email gateways

My website is on a Hostgator shared host, and I need to set up SPF for my email so my outgoing emails won't get bounced. So, I have to add a TXT record to the DNS for my domain, listing all possible senders of my domain's email. Shouldn't be a big…
Daniel Griscom
  • 493
  • 1
  • 4
  • 15
1
vote
0 answers

How can I reject mails coming from a fake domain or a fake user in a real domain?

I have an exchange server 2010 recently installed and I receive a test with 3 step to check the security of my server. below the test Check if my server receive from fake domain. Check if my server receive from fake user in real domain. impersonate…
user305679
  • 11
  • 1
1
vote
1 answer

Prevent IP Spoofing on OpenVPN tun

I have a question regarding IP Spoofing and authentication. I have an OpenVPN server in TUN mode with many untrusted clients in the same VPN network, and I was wondering if one client is able to spoof its VPN IP Address so that it can appear to the…
poli mi
  • 13
  • 3
1
vote
0 answers

Email Spoofed From Exchange Server

One of my exchange users got an email that bounced back to them. They did not send the email and I'm a little confused at how they got it. I looked through the logs and do not see the email leaving our server. So I guess that is good, no open relay.…
user2027231
  • 13
  • 3
1
vote
1 answer

Any way to block IP address host header spoofing?

I have already added the following the following to my nginx config to deal with spoofed domains: if ($host !~* ^(.*example.org|\d+\.\d+\.\d+\.\d+)$ ) { return 444; } Right now it whitelists IP addresses since I need to accept…
Jordan Reiter
  • 1,260
  • 4
  • 17
  • 38
1 2
3
8 9