[MUD-Dev] Grief players with ip/dns spoofers

J C Lawrence claw at 2wire.com
Wed Jul 25 22:57:45 CEST 2001


On Mon, 23 Jul 2001 13:34:28 -0400 
Robert Fleck <rfleck at cigital.com> wrote:
>> From: Greg Underwood [mailto:gunderwoodhsd at earthlink.net] At
>> 10:08 PM 7/12/01 -0700, Sean Kelly wrote:
>>> From: "Tand'a-ur" <tandaur at ix.netcom.com>
 
>> This is my understanding of it as well.  Any responses go back to
>> the faked IP address.  All you can accomplish with an IP spoof is
>> to ......

> Well, in certain conditions you could do it successfully.  For
> example if the ip you are spoofing is on the same segment as you,
> or routed through your segment, you can see the responses...  This
> works best if you have some way to ensure that the spoofed client
> won't make any noise about the anomalous packets smashing into it.

This is actually fairly easy to do.  Its called NAT (network address
translation).  Stick a NAT box in front of your client that picks up
the packets in promiscuous mode (unless you can get the router to
rewrite the MAC to you) and then deliver on to the client.

> There are other situations where it can happen too, but we are
> talking serious protocol voodoo.

Not really.  SOCKS bounces are quite old now and are trivial to do.

--
J C Lawrence                                    )\._.,--....,'``.	    
---------(*)                                   /,   _.. \   _\  ;`._ ,.
claw at kanga.nu                                 `._.-(,_..'--(,_..'`-.;.'
http://www.kanga.nu/~claw/                     Oh Freddled Gruntbuggly
_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev



More information about the mud-dev-archive mailing list