Spoof IP when dialup to ISP?

Spoof IP when dialup to ISP?

Post by me » Fri, 10 Aug 2001 22:50:50



I almost hate to ask this question.

How do I spoof my IP address when connected to the net from my linux
box via modem dialup?

Thank

-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----==  Over 80,000 Newsgroups - 16 Different Servers! =-----

 
 
 

Spoof IP when dialup to ISP?

Post by Dean Thompso » Sat, 11 Aug 2001 00:13:10


Hi!,

Quote:> I almost hate to ask this question.

> How do I spoof my IP address when connected to the net from my linux
> box via modem dialup?

Quick question, why do you want to do this ??

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+

 
 
 

1. IP-Spoofing / MAC-Adress Spoofing / arp requests

Hello All..

I've got today something very strange. I could determine where the trash
came from and why.
Our topoligy looks like localnet --- router --- "routernet" --- firewall
--- internet

The things I figured out were:
the packets below were not seen at the firewall or the routernet. but
when i plugged the internet uplink out the "scan" stopped.
I figured the MAC adress of the ip 13.10.15.10 out, but the MAC adress
was form a computer in the localnet with a "normal" non-routable DHCP
IP.. No strange programs were in progress there..

I've recognized the hole thing with a heavy traffic load on our network
equipment. With tcpdump i catched the packets. It looked for me like an
scan of our net. The scan began at 7.0.0.0 until 10.0.x.x and then the
hole thing stopped.

...
13:07:32.623597 eth0 M arp who-has 9.254.46.40 tell 13.10.15.10
13:07:32.623665 eth0 M arp who-has 9.254.46.41 tell 13.10.15.10
13:07:32.623734 eth0 M arp who-has 9.254.46.42 tell 13.10.15.10
13:07:32.623801 eth0 M arp who-has 9.254.46.43 tell 13.10.15.10
13:07:32.623869 eth0 M arp who-has 9.254.46.44 tell 13.10.15.10
13:07:32.623937 eth0 M arp who-has 9.254.46.45 tell 13.10.15.10
...

Our firewall didn't recognized anything, i've setted it up with very
restricted ipchains and doing logging with snort/logchecker. At active
attacks the source IP's were blocked for an amount of time.

With our old firewall we had a brake in with ip-spoofing, after that we
change to better hardware and other firewall-concepts.

Has anyone any idea what that was? Has anyone saw something like that?
Are there any information about MAC adress spoofing on the web?

thanks for your response,

greetings

michi

2. Microsoft Copyrights in Sun OS

3. instructions for configuring TCP/IP for PPP dialup ISP?

4. soliciting advice concerning future DiskSuite deployment

5. ISP - Dialup: Static IP Addr

6. patch 103187-11 (libc, libnsl) and rpc.yppasswdd

7. Dialup connection to ISP with Static IP -- please help

8. connect internet using linux

9. Automated Dialup to ISP and Rotating ISP Accounts

10. how to do ip spoofing with ip tables..

11. Dynamic IP dialup tcp/ip

12. How do I keep Ethernet IP from overriding Dialup IP on a gateway machine!

13. IP spoofing protection