Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [spoofing]

Spoofing is an activity when a person or program try to impersonates itself as another.

Spoofing can be used to gaining an illegitimate advantage by masquerading itself as legitimate party. Some common spoofing are:

  1. IP Spoofing: Special crafted TCP/IP packet with forged source IP address. It can be used to perform DOS attack by sending it to "open" NTP/DNS server.
  2. ARP Spoofing: Special crafted ARP reply messages with forged MAC Address. It can be used to perform MITM attack.
  3. Email Spoofing: Special crafted email with forged sender address and/or forged email header. It can be used to perform phising or spamming.

Another spoofing activities are: HTTP header spoofing, Caller ID spoofing, GPS spoofing and others.

123 questions
1
vote
1 answer

Practical way to implement prevention of IP Spoofing

I am an undergraduate Computer Science student and was hoping to gain some knowledge of ways to help prevent IP spoofing but all the resources I have tried out elaborate this concept in a theoretical way. I want to try out my hands at one of the…
user1369975
  • 99
  • 5
1
vote
2 answers

Exchange 2010 email spoofing prevention

Masters, Unfortunately we got some spam mail which seems to be coming from our own domain. I found some article which all says to remove Anonymous login from internet receive…
holian
  • 227
  • 1
  • 8
  • 14
1
vote
0 answers

Woes with named/bind and forwarding zones

I'm sadly restricted to a very old version of bind (9.4.2) This is the think. If I setup bind with a named.conf and only forwarding it works perfect. acl clients { any ; }; options { listen-on { 10.245.46.11; }; forward only ; …
jdq2013
  • 11
  • 4
1
vote
3 answers

Spoof database connection to be local instead of remote

I am trying to connect one of our clients "as is" programs to a remote database instead of a local one, they think that they have coded it to work that way, but for some reason the program crashes when trying to connect to a remote database. I don't…
spydon
  • 123
  • 1
  • 1
  • 8
1
vote
1 answer

Bingbot spoof localhost ip

So here is a fun one. I'm getting bingbot requests at a certain time everyday that kill the server. Here is the request: 127.0.0.1 - - [14/Sep/2013:08:18:49 -0500] "GET / HTTP/1.1" 200 82810 "-" "Mozilla/5.0 (compatible; bingbot/2.0;…
Alan
  • 23
  • 4
1
vote
1 answer

Finding spoofed IP address on network

I have a few IP spoof dropped messages coming out of my Sonicwall firewall, we'll call them Source A and Source B. Both of these sources have the same mac address indicating they're coming from the layer 3 switch behind my firewall. Source A has an…
Jared
  • 31
  • 1
  • 1
  • 5
1
vote
2 answers

ISP login, MAC spoofing, WiFi and multiple devices

I have a Tikona Digital Broadband (WiMax based) Internet Connection which allows limited number of devices to be connected at a time and also requires that the users login with username and password (by visiting a browser page on each device) before…
neeks
  • 131
  • 1
  • 4
1
vote
1 answer

When a client sends a RST packet, will the server close the connection ?

What I'm trying to do is block RST attacks with IPTables. When I do a search for it, I'm seeing rules where packets with the RST flag set is being rate limited. I'm questioning it a little bit. I think I need to rate limit RST / ACK and not RST If…
Kris
  • 1,347
  • 3
  • 15
  • 16
1
vote
1 answer

DDoS false IP attack

Possible Duplicate: DDoS attack, how to stop? I'm getting 10MB attacks, IP spoofing, which is used fake IPs, causing high CPU usage of the machine, and falls all. What should I do to prevent it? Dedicated server configuration: Dual Core 2.8 2GB…
Cristian Augusto
  • 19
  • 2
1
vote
1 answer

What's the best way to block IP spoofing on a layer 3 switch?

We're hosting Dedicated Servers and are currently using old 3com switches with IP-based ACLs. So each port has an ACL that allows all IP addresses assigned to this customer, and blocks everything else. But now 3com was bought by HP, and the…
toupeira
  • 121
  • 2
1
vote
1 answer

Using arpwatch to backtrack proxy access ip to eap-tls certificate

In my network I am using eap-tls authentication (machine certificates) for clients. Those clients are using a squid proxy to access the internet. The proxy is logging the request to the access.log. Now what I want to do is to backtrack from an IP…
HalloDu
  • 121
  • 1
  • 9
1
vote
2 answers

MAC spoofing - keeping the connection alive

Is it possible to keep a connection alive, while spoofing/changing the MAC address of your own network adapter (especially wlan adapter), without needing to re-authenticate against 802.1X RADIUS-server with eap-tls? I need this to secure a network,…
HalloDu
  • 121
  • 1
  • 9
1
vote
1 answer

How to avoid sendmail relay domains spoofing

I have a bunch of domains as relay domains at my sendmail config, i noticed that some dirty botnet is using dns spoof to be able to send emails using those relay domains. How it works: a domain zzz.xxx.tld resolves back to 127.0.0.1, when my server…
Rod
  • 372
  • 4
  • 10
1
vote
1 answer

Preventing Email Spoofing

I use Google Apps with my domain. Recently, we have begun to receive spam that gets past Google's spam filters. They are from our own email addresses. I am wondering how to prevent this kind of email spoofing. We use an SPF record with the "~all"…
Donald T
  • 183
  • 4
1
vote
2 answers

How to block spoofed mail from *.host.com

I'm currently running a centOS server with directadmin and custombuild. I keep getting spoofed phishing mails with spoofed from addresses that have SPF setup properly. Spamassassin gives it a score 1.8, probably because the mail seem legit and other…
user3411864
  • 131
  • 3
1 2 3
8 9