Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [spoofing]

Spoofing is an activity when a person or program try to impersonates itself as another.

Spoofing can be used to gaining an illegitimate advantage by masquerading itself as legitimate party. Some common spoofing are:

  1. IP Spoofing: Special crafted TCP/IP packet with forged source IP address. It can be used to perform DOS attack by sending it to "open" NTP/DNS server.
  2. ARP Spoofing: Special crafted ARP reply messages with forged MAC Address. It can be used to perform MITM attack.
  3. Email Spoofing: Special crafted email with forged sender address and/or forged email header. It can be used to perform phising or spamming.

Another spoofing activities are: HTTP header spoofing, Caller ID spoofing, GPS spoofing and others.

123 questions
0
votes
1 answer

What will happen in a network if multiple devices have the same MAC address?

What will happen in something like a wifi connection where different laptops are set with the same MAC address . To make it more interesting what will happen if there are multiple devices with same MAC address and different IP addresses.
Chris Thaliyath
  • 1
  • 1
0
votes
0 answers

How To Stop Cisco ASA Spoof Attack

I have thousands of "Deny TCP reverse path check from 10.60.60.X to 10.60.6X.X on interface outside" The IP addresses for the source and destination hosts are all over the board, and the interface is either outside or inside, for internal and…
Daniel Graves
  • 23
  • 5
0
votes
1 answer

Brute force attacks with server's IP

I am running a Debian wheezy server with fail2ban installed, everything works as expected but recently my own server got banned. I added the server's IP in the exception row and it seems to work, but here the question.. Is it possible that someone…
spacebiker
  • 358
  • 4
  • 14
0
votes
1 answer

how to discourage email spoofing

One of my production server emails look like to be spoofed from another network. The team (group or individual or professional company) is sending mass mails out to their list of users, using our email addresses. And, I am receiving a lot of fail…
Bimal Poudel
  • 101
  • 1
0
votes
2 answers

Protecting my Bind dns server from slow kaminsky-style cache poisoning attacks

Dan Kaminsky described how DNS servers could be poisoned with spoofed DNS responses [1]. As I understand it, the problem was that Kaminsky found a way to account for most other sources of randomness in a DNS query such that the main barrier to an…
Bingu Bingme
  • 1
  • 1
0
votes
1 answer

DNS request anomaly

Experts, i have some problem in DNS servers configuration, network diagram is shown in figure: The problem is manifesting as follows: There're 2 DNS servers servicing both internal and external requests; the first one is the domain controller,…
ITD27M01
  • 1
0
votes
2 answers

Spoofing NS records for pre-transfer DNS testing

I'm about to transfer a domain from one registrar and DNS provider to another, and I want to test the new DNS host before starting the transfer. The new host provides plain DNS service beforehand, so the domain can be set up there with all records…
Synchro
  • 2,983
  • 5
  • 25
  • 35
0
votes
1 answer

Should I move servers and change email address after email spoofing?

I'm hoping the community can help me shed some light on a recent email spoof. Yesterday my client woke up to find hundreds of bounced failure notices. The client did not personally send any of these emails. Each failure notice had a different…
Sam
  • 101
  • 3
0
votes
1 answer

Counter MAC Spoofing with Cisco

I was wondering if someone could help me with the needed cisco commands to configure a switch to only allow certain mac addresses on certain ports. So that one mac adres can only connect to the network through a specific port. Also how to be able to…
Dempsey FoxDie Van Assche
  • 157
  • 1
  • 5
0
votes
1 answer

Tracking anonymous e-mail threat

A user spoofed/sent an email from http://emkei.cz/ with a very serious threat. Is it possible to trace this back or are we SOL? There wasn't much in the email headers other than that it came from that site. We've checked DNS records for the site's…
LaidBach
  • 11
  • 1
0
votes
1 answer

Can a machine(physical or virtual) accept and process UDP packets with a different IP address coming from a known device?

Before everything, thanks for reading the next question. I have script,(ipUDPspoof.rb), which is a client/server script in Ruby (you choose the parameter 1 to be server and 0 to be client, at initialization...for example "sudo ruby sandbox.rb 1" to…
Gonçalo Paiva
  • 1
0
votes
2 answers

SSH:using single public key on multiple remote machines and spoofing-by-known-server

Lyrics Usually, people say, that using single public key on several servers is just as secure as using unique public keys on each of them. (If we're not talking about possibility of private key being compromised) But... I don't get, if it's possible…
Igor
  • 141
  • 6
0
votes
2 answers

oidentd properly configured yet not properly working on CentOS 6

I've been experiencing this problem with oidentd for a couple of days and I can't seem to be able to find a solution to this yet. oidentd seems to give me headaches every time I want to get it work on different servers. I have to mention I've…
thatbrainiac
  • 33
  • 1
  • 7
0
votes
3 answers

Exchange and SPF Records

I've created an SPF record on 123-Reg, which is working great. But my question is how Exchange servers know that an SPF record exists when they receive mail from a domain. How does Exchange know it needs to check the domain's DNS provider, 123-Reg…
PnP
  • 1,684
  • 8
  • 37
  • 65
0
votes
1 answer

iptables: is it possible to spoof NEW packets and make them look like ESTABLISHED packets?

See title for the question. This question relates to a previous question wherein I asked the difference between NEW,ESTABLISHED and RELATED , see it here iptables: difference between NEW, ESTABLISHED and RELATED packets One of the rules has NEW in…
Kris
  • 1,347
  • 3
  • 15
  • 16
1 2 3
8 9