Can someone mimic a specific IP address?

Upchurch

Papa Funkosophy
Upchurch
Joined
May 10, 2002
Messages
34,265
Location
St. Louis, MO
Can someone mimic a specific IP address when posting on this forum board? In flame war, there is a guy who claims that someone hacked his account and made a post under his name. The thing is, the suspect post has the same IP address as his other posts.

Is that possible?
 
Very unlikely, his IP address would be assigned by his ISP. Of course the IP address would be assigned from a pool so theoretically someone else with the same ISP could later be assigned the same IP number by DHCP but it's extremely unlikely.
 
Upchurch,

How were you able to determine the IP address in the first place?
 
Upchurch said:
Can someone mimic a specific IP address when posting on this forum board? In flame war, there is a guy who claims that someone hacked his account and made a post under his name. The thing is, the suspect post has the same IP address as his other posts.

Is that possible?
Click to expand...

It's possible to mimic an IP address, yes. Usually it requires a DOS attack to the other machine with that IP address. It seems unlikely that someone posting in a flame war on this site would be bright enough or motivated enough to do it.
 
There's a little more to it than that...what epepke says will work as long as you don't need to get the response back. If you do, you need to be "in the middle," in other words, if you're on the person's network or on one of the networks his traffic is going through. Then you can pull of the packets and get the response. It's not very easy to get at that point, though.
 
Yes, IP address spoofing exists. I doubt someone would go through all the trouble of sniffing his password and spoofing his IP just to post to a stupid message board though.
 
One could use an anonymous proxy to hide their IP. There are even commercial products that do it for you.
 
wert said:
One could use an anonymous proxy to hide their IP. There are even commercial products that do it for you.
Click to expand...

Ah, but this relates to a claim from a poster that someone managed to actually post -- using his account -- from an identical ISP as his. The message also appears to have been written at about the same time as other messages from him which he has not disclaimed.

So this isn't just hiding your ISP or changing it, but matching it to the ISP of another forum member and leaving messages using their account.
 
NoZed Avenger said:
Ah, but this relates to a claim from a poster that someone managed to actually post -- using his account -- from an identical ISP as his. The message also appears to have been written at about the same time as other messages from him which he has not disclaimed.

So this isn't just hiding your ISP or changing it, but matching it to the ISP of another forum member and leaving messages using their account.
Click to expand...

Well, it really all depends. Being on the same ISP isn't enough; he has to be on the same network segment as the person he's trying to mimic. This is really only possible if both users have cable modems in the same neighborhood. Cable modems share traffic (that's why it slows down when more people get on) so it's possible to have a man-in-the-middle attack.

It COULD be that someone was watching the traffic go by, got his username and password (they're sent in the clear, you know) or the session cookie as it went across and decided to fake his connection. So they made a new connection with the fake IP address he was using, and pulled off all of the packets selecting the ones destined for that same address. He just logged in again or recreated the session cookie under a new connection. It would appear to the web server as if he were simply viewing the site from two separate browsers on the same machine; the victim's machine wouldn't notice anything unless he had a firewall installed capable of detecting this kind of thing (ZoneAlarm is NOT adequate for this).

So, is it possible? Yes. Not bloody likely though.
 
shanek said:



So, is it possible? Yes. Not bloody likely though.
Click to expand...


I would agree.


Maybe a hacker/cracker in training spending the time and truble just to see if he can.
 
You must log in or register to reply here.

Back
Top Bottom