IP Masking / Using Different IP Address

Topic

New Reply

Hello,

I’m doing some research on masking IP Addresses, or more specifically, using a fake ip address, or using someone elses ip address. Is this possible? Can you direct me to instructions or software that would allow a person to do this?

Thanks!
KST

Reply | Quote

Replies

Here’s some general information IP address spoofing – Wikipedia, the free encyclopedia. I don’t think it would be appropriate for anyone in the Lounge to advertise software for doing this. As you can see from the Wikipedia article it is used for nefarious purposes. I

Joe

--Joe

Reply | Quote

Thank you Joe. So, in your opinion, it would be possible for me to appear as if I were using your computer? Obviously, I would need to know your IP address, and possibly some other info, but would this be possible?

KST

Reply | Quote

From the Wikipedia article Joe linked to……

“By forging the header so it contains a different address, an attacker can make it appear that the packet was sent by a different machine.”

Reply | Quote

As long as you don’t actually want a response back, you can make it appear that any computer sent a packet. But that probably isn’t very useful for your purpose, whatever it is.

Reply | Quote

I apologize, let me give you alittle more info…. I’m not actually trying to do this, I just want to know if it’s possible. I’m researching this for a client.

A password was changed. Records were subpoenaed, and the records indicate the password was changed using a computer at a specific IP address. That IP address belongs to a person who should not have been changing the passwords. The question is posed…. could someone else have changed the password from another IP address using masking / spoofing software.

I think it’s possible, but not probable.

I wanted to know what you guys think.

Thanks!
KST

Reply | Quote

I assume this is a switched network environment. Switches very efficiently “learn” the port location of an IP address, but they also need the capability to unlearn it, for example, when a device is moved to a new port. It might be possible to assign someone else’s IP address to your device and then interact with the network in some manner to hasten this process and thereby take over the other device’s IP address temporarily — for example, while the other device is offline. But I’m not familiar with attacking a switched network, so it’s just a hypothesis. And I’m not sure whether there would be any record of this unless the switch was set up for auditing.

In the DHCP context, it’s also possible that the IP address was leased to a different device at the time of the relevant event, although in real life devices tend to keep renewing the same address. Unless you have a MAC address, that could be difficult to prove/disprove.

Reply | Quote

I think the answer to your question depends upon how ernest the needs of the person who “may” have changed the password were to access or change the information made available by the spoof.

It is possible for someone to access another computer and obtain their IP address and then use that IP to send out email from their own computer that appears to come from the compromised computer by spoofing the IP address. That’s how many SPAM mailers keep one step ahead, using spoofed IPs to send out their junk.

Changing a password on one computer from another can be done with Trojan Horse software loaded on the target computer by the one changing the password or via email or download.

So, to answer your questions directly, it is entirely “possible” for someone to change a password on one computer from a remote computer and hide the identity of the computer used to make the change by spoofing the IP address of the person you currently suspect made the change to direct suspicion towards them. The ability to do this depends on the security of the network or individual computer and the computer expertise of the person doing the hacking. And this type of activity is just that, hacking and cracking.

Reply | Quote

It is surprisingly easy to use ARP Cache Poisining to intercept and replace traffic between two computers. This can be done in a few seconds using freely available tools and afterwards every packet you send to the host you have chosen will appear to have come from the other PC.

You can even use simple routing to route incoming packets from the server to the original PC so that they won’t know you are doing this.

Scary stuff!

StuartR

Reply | Quote