Sign in to follow this  
Followers 0
Spyril

IP addresses and spoofing

6 posts in this topic

I have several questions related to IP addresses. First of all, why is there an IP address on your computer if the IP address used on the internet is the one on your router? Also, if IP addresses are stored on your network card, can't you change it there to spoof your IP, rather than having to modify each individual packet? Sorry if I'm really mixed-up about this, I'm getting a lot of seemingly different information from different sources.

0

Share this post


Link to post
Share on other sites

Your network card works at the data link layer, and therefore doesn't know anything about IP. Your operating system implements the network layer, which is where IP comes into play. Your applications that use TCP (and other protocols that are implemented over IP), such as web browsers, require IP, and therefore, the you need an IP address so that these packets can be sent to the correct machine on your local network. At your router, NAT is used to give access to the outside world to multiple computers on the "inside" (your home network) using one external IP address assigned to you by your ISP.

Read up on the layers of the TCP/IP model, and it'll likely make a little more sense:

http://en.wikipedia.org/wiki/TCP/IP_model

0

Share this post


Link to post
Share on other sites
Your network card works at the data link layer, and therefore doesn't know anything about IP. Your operating system implements the network layer, which is where IP comes into play. Your applications that use TCP (and other protocols that are implemented over IP), such as web browsers, require IP, and therefore, the you need an IP address so that these packets can be sent to the correct machine on your local network. At your router, NAT is used to give access to the outside world to multiple computers on the "inside" (your home network) using one external IP address assigned to you by your ISP.

Read up on the layers of the TCP/IP model, and it'll likely make a little more sense:

http://en.wikipedia.org/wiki/TCP/IP_model

Adding to that, IP spoofing only works one way. If you make a program to modify the IP header of the packet you are sending the target receiving said packet will follow the "handshake" and send one back to the corresponding IP. One of two things will happen. Either the packet will be lost in transit (meaning the IP didn't match any computer), or someone you don't know will receive your packet. A more literal "IP spoof" is called a proxy server and works on the same concept you are implying, but completes said handshake and you receive whatever you were after.

Edited by deadc0de
0

Share this post


Link to post
Share on other sites

IP addresses are a simple concept, think of them like your postal address.. It's designed to uniquely identify you on networks.. (The Internet for instance..)..

IPv4(The current de facto version..) is limited to around 4 billion unique addresses, That may seem like many.. but it really doesn't leave much room for any growth!!

Network Address Translation(NAT) was designed to "buy us some extra time"...

Basically, Your NAT router has an address visible to the rest of the world, and another that "only" the computers inside of your (LAN - Local Area Network) can see..

Graphical Example..(I have way to much time on my hands..)

natlan2ps2.png

Links:

Wikipedia is a nice resource, It's very helpful :)

http://en.wikipedia.org/wiki/Network_address_translation

http://en.wikipedia.org/wiki/IPv4

http://en.wikipedia.org/wiki/IPv6 (I didn't mention this, But hopefully it's our future :))

Edited by BSDfan
0

Share this post


Link to post
Share on other sites
you need an IP address so that these packets can be sent to the correct machine on your local network

But isn't that what MAC addresses are for?

0

Share this post


Link to post
Share on other sites

Because TCP and other transport protocols can't simply skip over the network layer (IP) and operate on the data link layer (where devices are addressed by MAC address). The network layer adds capabilities for fragmentation, multiple network addresses per physical device, among others. As important as this is, transport layer protocols simply expect the interface of the network layer to be there, and aren't designed to work directly on top of the data link layer.

Edit: To directly answer the question of what MAC addresses are for, they're to allow physical devices on the network to be addressed. IP addresses represent logical endpoints, and might have a many-to-one relationship with physical devices, in addition to the services the network layer provides to the transport layer.

Read up on the layering article I linked above, and perhaps a book like "TCP/IP Illustrated, Volume 1" by Richard Stevens.

Edited by McGrewSecurity
0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0