Jump to content


Photo
- - - - -

IP addresses and spoofing


  • Please log in to reply
5 replies to this topic

#1 Spyril

Spyril

    Hakker addict

  • Members
  • 588 posts
  • Location:North Dakota

Posted 18 September 2007 - 06:28 PM

I have several questions related to IP addresses. First of all, why is there an IP address on your computer if the IP address used on the internet is the one on your router? Also, if IP addresses are stored on your network card, can't you change it there to spoof your IP, rather than having to modify each individual packet? Sorry if I'm really mixed-up about this, I'm getting a lot of seemingly different information from different sources.

#2 McGrewSecurity

McGrewSecurity

    SUPR3M3 31337 Mack Daddy P1MP

  • Agents of the Revolution
  • 338 posts
  • Location:Starkville, MS

Posted 18 September 2007 - 06:53 PM

Your network card works at the data link layer, and therefore doesn't know anything about IP. Your operating system implements the network layer, which is where IP comes into play. Your applications that use TCP (and other protocols that are implemented over IP), such as web browsers, require IP, and therefore, the you need an IP address so that these packets can be sent to the correct machine on your local network. At your router, NAT is used to give access to the outside world to multiple computers on the "inside" (your home network) using one external IP address assigned to you by your ISP.

Read up on the layers of the TCP/IP model, and it'll likely make a little more sense:

http://en.wikipedia....ki/TCP/IP_model

#3 deadc0de

deadc0de

    SUP3R 31337 P1MP

  • Members
  • 272 posts
  • Location:ring0

Posted 18 September 2007 - 07:42 PM

Your network card works at the data link layer, and therefore doesn't know anything about IP. Your operating system implements the network layer, which is where IP comes into play. Your applications that use TCP (and other protocols that are implemented over IP), such as web browsers, require IP, and therefore, the you need an IP address so that these packets can be sent to the correct machine on your local network. At your router, NAT is used to give access to the outside world to multiple computers on the "inside" (your home network) using one external IP address assigned to you by your ISP.

Read up on the layers of the TCP/IP model, and it'll likely make a little more sense:

http://en.wikipedia....ki/TCP/IP_model



Adding to that, IP spoofing only works one way. If you make a program to modify the IP header of the packet you are sending the target receiving said packet will follow the "handshake" and send one back to the corresponding IP. One of two things will happen. Either the packet will be lost in transit (meaning the IP didn't match any computer), or someone you don't know will receive your packet. A more literal "IP spoof" is called a proxy server and works on the same concept you are implying, but completes said handshake and you receive whatever you were after.

Edited by deadc0de, 18 September 2007 - 07:43 PM.


#4 BSDfan

BSDfan

    SUPR3M3 31337 Mack Daddy P1MP

  • Banned
  • 300 posts

Posted 18 September 2007 - 08:46 PM

IP addresses are a simple concept, think of them like your postal address.. It's designed to uniquely identify you on networks.. (The Internet for instance..)..

IPv4(The current de facto version..) is limited to around 4 billion unique addresses, That may seem like many.. but it really doesn't leave much room for any growth!!

Network Address Translation(NAT) was designed to "buy us some extra time"...

Basically, Your NAT router has an address visible to the rest of the world, and another that "only" the computers inside of your (LAN - Local Area Network) can see..

Graphical Example..(I have way to much time on my hands..)
Posted Image

Links:
Wikipedia is a nice resource, It's very helpful :)
http://en.wikipedia....ess_translation
http://en.wikipedia.org/wiki/IPv4
http://en.wikipedia.org/wiki/IPv6 (I didn't mention this, But hopefully it's our future :))

Edited by BSDfan, 18 September 2007 - 10:50 PM.


#5 Spyril

Spyril

    Hakker addict

  • Members
  • 588 posts
  • Location:North Dakota

Posted 18 September 2007 - 11:05 PM

you need an IP address so that these packets can be sent to the correct machine on your local network


But isn't that what MAC addresses are for?

#6 McGrewSecurity

McGrewSecurity

    SUPR3M3 31337 Mack Daddy P1MP

  • Agents of the Revolution
  • 338 posts
  • Location:Starkville, MS

Posted 18 September 2007 - 11:16 PM

Because TCP and other transport protocols can't simply skip over the network layer (IP) and operate on the data link layer (where devices are addressed by MAC address). The network layer adds capabilities for fragmentation, multiple network addresses per physical device, among others. As important as this is, transport layer protocols simply expect the interface of the network layer to be there, and aren't designed to work directly on top of the data link layer.

Edit: To directly answer the question of what MAC addresses are for, they're to allow physical devices on the network to be addressed. IP addresses represent logical endpoints, and might have a many-to-one relationship with physical devices, in addition to the services the network layer provides to the transport layer.

Read up on the layering article I linked above, and perhaps a book like "TCP/IP Illustrated, Volume 1" by Richard Stevens.

Edited by McGrewSecurity, 18 September 2007 - 11:18 PM.





BinRev is hosted by the great people at Lunarpages!