Re: [SLUG] IP spoofing and tracking

From: Derek Glidden (dglidden@illusionary.com)
Date: Mon Feb 25 2002 - 11:12:58 EST


On Fri, 2002-02-22 at 23:45, Norbert Cartagena wrote:
> Ok, security question here for both Linux and Windows:
>
> I have a friend (Using Win2k as his main box, that poor lost soul) who
> has as of late been getting ping-bombed. He lives in an apartment
> complex that has their own internal LAN for the entire complex. He was
> able to find out the IP from where the pings were apparently coming
> from. However, when he tracked it down, he found out that it wasn't the
> person with that IP doing that - someone was spoofing their IP to this
> other person's. He was able to determine that the pings were coming
> from within their network, but hasn't been able to get any more info than
> that. I was wondering if there was a tool - under either Windows or
> Linux - that would be able to track the IP to the true source, a way of
> somehow un-spoofing the address?
>
> I know this must seem vague, but I didn't get too many details when I
> was talking to this guy - I was kinda in the middle of something that
> took a bit more of my attention at that particular moment - so my
> apologies if it seems almost like random babble.

You should be able to read the packets with something like tcpdump to
get a MAC address off of them, then nmap (or something) the network to
find the IP that really goes to that particular MAC.

This should work if the whole local LAN is flat.

OT: what apartment complex does he live in that has a local LAN??

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#!/usr/bin/perl -w
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map
{$_%16or$t^=$c^=($m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;
$t^=(72,@z=(64,72,$a^=12*($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)
[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h=5;$_=unxb24,join
"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$d=
unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d
>>12^$d>>4^$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*
8^$q<<6))<<9,$_=$t[$_]^(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}
print+x"C*",@a}';s/x/pack+/g;eval 

usage: qrpff 153 2 8 105 225 < /mnt/dvd/VOB_FILENAME \ | extract_mpeg2 | mpeg2dec -

http://www.cs.cmu.edu/~dst/DeCSS/Gallery/ http://www.eff.org/ http://www.anti-dmca.org/
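The approach Derek describes (read the Ethernet source MAC off the spoofed pings, then map that MAC back to the IP that really owns it) worked through in code, as an added example that is not part of the original thread. It parses constructed `tcpdump -e -n icmp` output (the `-e` flag prints the Ethernet header in front of the IP addresses) and a constructed IP-to-MAC table of the kind `arp -an` or a privileged `nmap -sn` sweep of the local subnet gives you; all addresses are made up for the example. Senders whose frame source MAC does not match the MAC the table records for the IP they claim are reported together with the IP that the MAC really belongs to.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -e -n icmp` output (not a real capture).
# With -e each line carries src MAC > dst MAC before the IP header, so the
# layer-2 sender survives even when the IP source address is forged.
TCPDUMP_LINES = """\
11:12:01.000001 00:0c:29:aa:bb:cc > 00:50:56:11:22:33, ethertype IPv4 (0x0800), length 98: 10.0.0.77 > 10.0.0.5: ICMP echo request, id 42, seq 1, length 64
11:12:01.000002 00:0c:29:aa:bb:cc > 00:50:56:11:22:33, ethertype IPv4 (0x0800), length 98: 10.0.0.77 > 10.0.0.5: ICMP echo request, id 42, seq 2, length 64
11:12:01.000003 00:1a:2b:3c:4d:5e > 00:50:56:11:22:33, ethertype IPv4 (0x0800), length 98: 10.0.0.20 > 10.0.0.5: ICMP echo request, id 7, seq 1, length 64
11:12:01.000004 00:50:56:11:22:33 > 00:0c:29:aa:bb:cc, ethertype IPv4 (0x0800), length 98: 10.0.0.5 > 10.0.0.77: ICMP echo reply, id 42, seq 1, length 64
"""

# Constructed IP -> MAC table, the kind of data you get from `arp -an` after
# sweeping the segment, or from the "MAC Address:" lines of `nmap -sn` run as
# root against the local subnet. Every entry here is made up.
ARP_TABLE = {
    "10.0.0.77": "00:50:56:de:ad:01",   # the neighbour whose IP is being borrowed
    "10.0.0.31": "00:0c:29:aa:bb:cc",   # the host that really owns the sending MAC
    "10.0.0.20": "00:1a:2b:3c:4d:5e",   # a legitimate pinger
    "10.0.0.5":  "00:50:56:11:22:33",   # the victim
}

# Matches one tcpdump -e line for an ICMP echo request; replies are ignored.
LINE_RE = re.compile(
    r"^\S+\s+(?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), ethertype IPv4.*?: "
    r"(?P<sip>\d+\.\d+\.\d+\.\d+) > (?P<dip>\d+\.\d+\.\d+\.\d+): ICMP echo request",
    re.IGNORECASE,
)


def echo_requests(text):
    """Yield (src_mac, claimed_src_ip) for every ICMP echo request in the dump."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("smac").lower(), m.group("sip")


def find_spoofers(tcpdump_text, arp_table):
    """Return {(claimed_ip, src_mac): (real_ip, count)} for senders whose
    Ethernet source MAC is not the MAC the table records for the IP they claim.
    real_ip is None when the MAC was not seen by the scan at all."""
    mac_to_ip = {mac.lower(): ip for ip, mac in arp_table.items()}
    counts = Counter(echo_requests(tcpdump_text))
    spoofers = {}
    for (mac, claimed_ip), n in counts.items():
        if arp_table.get(claimed_ip, "").lower() != mac:
            spoofers[(claimed_ip, mac)] = (mac_to_ip.get(mac), n)
    return spoofers


if __name__ == "__main__":
    for (claimed_ip, mac), (real_ip, n) in find_spoofers(TCPDUMP_LINES, ARP_TABLE).items():
        print(f"{n} echo request(s) claiming {claimed_ip} came from MAC {mac}, "
              f"which the scan maps to {real_ip or 'an unknown host'}")
```

Two caveats go with this. It only works on a flat layer-2 segment, exactly as Derek says: once a router sits between the sender and the victim, the source MAC on the victim's wire is the router's interface, not the attacker's. And a MAC is just as forgeable as an IP; if the attacker also changes the Ethernet source, the next step is the switch's MAC address table (which physical port learned that MAC), not anything visible from a host.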



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:41:34 EDT