regularization 9 hours ago

Because the IP is in the edit, and the reverse DNS went back there (and ARIN did not disagree)

More info on this in my other reply.

rolph 7 hours ago | parent [-]

An Introduction to IP Spoofing (and How to Prevent It)

https://kinsta.com/blog/ip-spoofing/

digitalPhonix 5 hours ago | parent [-]

That doesn’t work for an HTTP request (or any stateful communication that requires return traffic)

rolph 5 hours ago | parent [-]

it's a dated article, but the concept of IP spoof works, and has been modified to fit the state of tech; it's more than just forging the return address in an IP header.

https://owasp.org/www-community/pages/attacks/ip_spoofing_vi...

https://github.com/ParsaKSH/spoof-tunnel

cowboylowrez 4 hours ago | parent | next [-]

The term IP spoofing used to really only apply to some networking layer in my experience; placing bogus IPs in headers was more likely called header forgery and happened in the application. It wouldn't make sense for Wikipedia to rely on easily forged headers when they can simply examine the network connection and use that address.

Actual IP spoofing still can't really impersonate a valid TCP connection unless it's all send and no read. Even with your second link, both sides of the "tunnel" have to spoof the source IP in their messages, so that's not likely going to happen with Wikipedia unless their security gets broken somehow, and in that case, well, all bets are off lol

rolph 41 minutes ago | parent [-]

"unless their security gets broken somehow"

yup you get the idea, but you don't have to break security, you can settle for convincing him to break his own security.

digitalPhonix 4 hours ago | parent | prev [-]

Did you read the things you're linking?

> https://owasp.org/www-community/pages/attacks/ip_spoofing_vi...

Isn't an actual technique, it's describing the observed result if the server were to blindly trust some HTTP headers which is just the application payload in a TCP stream. It's not spoofing the IP at any network layer.

> https://github.com/ParsaKSH/spoof-tunnel

Requires mutually agreed spoofing on both sides... at which point it's not really spoofing and also clearly not applicable because Wikipedia will not agree to it. (It is useful in the context that they're using it, just not at all what you're talking about)

Without controlling a router that's on the path or being able to publish a route that contains the IP address you're trying to spoof, there is no way to spoof an IP address in bidirectional communication.
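The difference the comments above draw between a forged `X-Forwarded-For` header and the address of the TCP connection itself, as an added example that is not part of the thread: a server-side client-address resolver in its weak form and its hardened form. The function names, the `TRUSTED_PROXIES` network and all addresses are constructed for illustration.

```python
import ipaddress

# Assumption: the site's own reverse proxies live in this (constructed) network.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def is_trusted_proxy(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def naive_client_ip(peer_addr: str, headers: dict) -> str:
    """Weak form: believes the leftmost X-Forwarded-For entry from any sender."""
    xff = headers.get("X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else peer_addr


def client_ip(peer_addr: str, headers: dict) -> str:
    """Hardened form: start from the TCP peer address (which needed a completed
    handshake) and step back through X-Forwarded-For only while the current
    hop is one of our own proxies."""
    current = peer_addr
    raw = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    # Walk right to left: the rightmost entry was appended by the nearest proxy.
    while hops and is_trusted_proxy(current):
        candidate = hops.pop()
        try:
            ipaddress.ip_address(candidate)
        except ValueError:
            break  # malformed entry: keep the last address we can vouch for
        current = candidate
    return current


if __name__ == "__main__":
    # Constructed request: direct connection that supplies its own header.
    forged = {"X-Forwarded-For": "198.51.100.1"}
    print("naive:   ", naive_client_ip("203.0.113.7", forged))
    print("hardened:", client_ip("203.0.113.7", forged))
```
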

rolph 4 hours ago | parent [-]

"blindly trust some HTTP headers" "Without controlling a router" "Requires mutually agreed spoofing on both sides"

you understand the concepts, and the requirements for POC, but you are not the only one.

and for those who want a working weapon, they will have to identify ALL the requirements and implement it themselves. I'm not about to leave the weapon loaded and fully assembled in a public place.

it sounds like you are fully capable of manufacturing that weapon if you really wanted to.

also people really are soft, it starts with soc eng, and goes from there.