
Questions tagged [spoofing]

Spoofing is the act of a person or program impersonating another.

70 votes
15 answers
16k views

Are IP addresses "trivial to forge"?

I was reading through some of the notes on Google's new public DNS service: Performance Benefits Security Benefits I noticed under the security section this paragraph: Until a standard system-wide ...
Jeff Atwood's user avatar
  • 13.2k
33 votes
4 answers
79k views

Can the IP address for an HTTP request be spoofed?

On a website I am building, I plan to log the IP addresses of submissions, just in case it's necessary. I don't mind proxies, but outright spoofing your IP address would defeat the purpose. To ...
TND's user avatar
  • 445
11 votes
1 answer
6k views

How to prevent IP spoofing using MAC and ebtables?

I am trying to create IP-MAC pairing rules in ebtables. There are few tutorials and related questions [1] available but I have kind of specific setting. ENVIRONMENT: I have many physical hosts. Each ...
Martin's user avatar
  • 341
10 votes
6 answers
11k views

How reliable are IP address-based firewall restrictions?

On some of my production systems that need to be accessible outside of the LAN I will sometimes add a firewall restriction at the edge to only permit traffic on, say, RDP from a specific origin IP ...
tacos_tacos_tacos's user avatar
7 votes
3 answers
17k views

How to prevent ip spoofing within iptables?

My Apache web-server on Linux is being flooded by massive requests for a non-existent file. The immediate impact is the rapid growth of the access & error log. I already took care of this by not ...
7 votes
1 answer
8k views

Does postfix reject spoofed senders?

Is there a reliable way to reject incoming mails with a spoofed e-mail address? What kind of checks does postfix run normally on incoming mails? does postfix check the reverse dns by default? does ...
lszrh's user avatar
  • 683
6 votes
5 answers
2k views

Any way I can correct DNS spoofing against our domain

This morning I found out that our domain and subdomains have been poisoned on the 4.2.2 and 4.2.2.1 DNS servers along with others I think, though I have not confirmed others yet. Using OpenDNS ...
brandon's user avatar
  • 61
6 votes
1 answer
12k views

Is it possible to override a single domain name using dnsmasq?

I have a server application that I'm running two instances of, production and development, namely: prod.example.com (10.0.0.1) dev.example.com (10.0.0.2) A third-party has written a client ...
Matt's user avatar
  • 322
5 votes
4 answers
2k views

MAC address spoofing - why doesn't this work? [closed]

So I'm in a new job, and they're pretty draconian about their network, hardware, and OS security. :-( I'm a web developer, but am forced to use IE7 for development simply because they don't want ...
loneboat's user avatar
  • 303
5 votes
1 answer
18k views

How can I prevent spoofed emails from outside thats using my internal accepted domain

I'm receiving spam emails sent from my own domain to my own domain. I'm using Exchange 2013. Example: [email protected] is being used to send spam to [email protected]. I can successfully ...
Niklas J. MacDowall's user avatar
4 votes
2 answers
7k views

Wrong DNS answer with CNAME and A Record at the same time

We had a customer which has set a CNAME Record for his domain. Somehow he managed it to set an A Record too, which should be not possible and is forbidden by DNS. But the result was: $ dig @ns1.your-...
Janning's user avatar
  • 1,601
3 votes
3 answers
558 views

How to Limit the Damage of Domain Spoofing

My e-mail account, for my privately run business which I'll call "VeryCoolCompany", is starting to receive bounce-backs for users who don't exist, like these: [email protected] dietskra44-...
Brent Arias's user avatar
3 votes
5 answers
10k views

Setting up an SPF record for a shared hosting service with lots of email gateways

My website is on a Hostgator shared host, and I need to set up SPF for my email so my outgoing emails won't get bounced. So, I have to add a TXT record to the DNS for my domain, listing all possible ...
Daniel Griscom's user avatar
3 votes
2 answers
221 views

If I use iptables to allow TCP connections only from a specific IP, can it be faked?

An iptables rule on my database server is: -A INPUT -p tcp --dport 6432 -s 10.115.0.150 -j ACCEPT I have other rules (loopback, etc.), but I'm wondering if that specific rule can be "hacked". Can ...
orokusaki's user avatar
  • 2,881
3 votes
2 answers
16k views

Googlecast SSDP and MDNS queries on network despite not having any chromecast applications installed in main computer

As title states, I've detected some MDNS queries from a googlecast address, which is strange since I don't have any googlecast apps or similar installed. Additionally, my PC is sending SSDP packets to ...
N S's user avatar
  • 33
3 votes
2 answers
3k views

Stop spoof emails in Google Apps

Desperately need some help here. I've been using Google Apps for my domain (2qubed.co.uk) for over 2 years now with no problems at all until recently. For the past few months I have been getting lots ...
hems77's user avatar
  • 31
3 votes
2 answers
2k views

Linux-KVM / iptables: prevent guest spoofing by matching ip+mac address on bridge?

I have my KVM guests on a standard br0 bridge setup: auto br0 iface br0 inet static address 192.168.1.117 netmask 255.255.255.0 network 192.168.1.1 broadcast 192.168.1.225 gateway 192....
Matt's user avatar
  • 295
3 votes
1 answer
1k views

Exchange not checking SPF record for own domain

I have an interesting issue with Exchange where it appears to check and stamp spoofed messages from external domains but not ones it has setup to send from. For example I can spoof a message from 1@...
Oliver Hills's user avatar
3 votes
1 answer
2k views

Dovecot Sieve allows spoofing through LMTP

I have set up Postfix to block spoofing your email (you can only send emails as yourself): smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch I have set up Sieve and ...
Friend of Kim's user avatar
3 votes
1 answer
2k views

"From:" e-mail header spoofing - how to verify such mail?

I'm facing a problem of verifying a "From:" message field in e-mail messages, in terms of e-mail spoofing. I am currently using SPF and DKIM to verify the origin and integrity of messages, but as far ...
gds.jerry's user avatar
3 votes
0 answers
229 views

Using DMARC techniques to block Backscatter

We run a small email (receiving not bulk sending) service (~ 300 domains or so) for our customers and are just starting to introduce DMARC. One of the reasons for doing so is to help stop backscatter ...
Rob Lambden's user avatar
2 votes
1 answer
2k views

How did this email bypass my SPF settings?

I received a phishing email this morning that appeared to come from one of my addresses to itself. Looking at the headers, I found something interesting. DomainKey-Status: no signature X-Spam-...
SuperMykEl's user avatar
2 votes
1 answer
4k views

Checking SMTP headers for spoofed email (did client authenticate?)

I have been using rackspace email service, and I am finding that rogue emails are seemingly coming from [email protected] to [email protected] but were never actually sent by that user. As per ...
morleyc's user avatar
  • 1,130
2 votes
2 answers
8k views

Different Mac address to virtual interface and primary interface

I am developing a system, where I need virtual interface to have different MAC address for my primary and virtual interface, let's say my MAC for eth0 is 00:11:00:11:00:11 and my virtual interface is ...
sanketmlad's user avatar
2 votes
2 answers
406 views

Can IP spoofed traffic get above the transport layer?

I'd like to know whether you could get packets with a spoofed IP address above the transport layer. My thoughts are: TCP: No, as acknowledgements would never get to the original sender if their IP ...
Ray2k's user avatar
  • 123
2 votes
1 answer
3k views

Prevent from being spoofed by sendgrid

Recently we received an odd mail coming from [email protected] to [email protected] The problem is that address1 didn't send any email to address2. The email was sent using sendgrid. Sendgrid ...
Diogo Jesus's user avatar
2 votes
2 answers
3k views

How to spoof an IP for application that needs this particular IP?

In general, such a problem, there is a system RHEL 6.4 Server with a pair of network interfaces combined into one by bonding. This system IP address: 10.7.7.1. Next on the system running an ...
abg's user avatar
  • 163
2 votes
1 answer
2k views

Prevent mail server (sendmail) used to backscatter

Hi I recently got an email from Amazon, saying that my EC2 instance is sending spam. So what they say is my mail server is receiving email for a non-existing user and therefore bounces the email back ...
Xavier_Ex's user avatar
  • 159
2 votes
1 answer
2k views

Rewrite email (RFC822) From address to match MAIL FROM (RFC821) envelope address postfix

I'm taking steps to harden my outgoing postfix SMTP server. I want to prevent users from spoofing their sender address. When sending email with postfix SMTP the sender is identified in three ways: ...
Philip Couling's user avatar
2 votes
2 answers
2k views

SpamAssassin, Postfix, and Multiple Addresses in From Header

I'm working on a problem that I'm seeing with an email scanning server (MailScanner, Spamassassin, Postfix, etc.), and From header spoofing. Unfortunately, some of the versions of these components ...
rickyboone's user avatar
2 votes
2 answers
4k views

Reject obviously spoofed messages in Exchange 2007 SP2

I have an Exchange 2007 SP2 server which happily accepts SMTP messages whose sender is [email protected] and the recipient is [email protected]; this leads to all sort of spoofing ...
Massimo's user avatar
  • 71.7k
1 vote
3 answers
2k views

How to avoid DNS spoofing for DNS lookup

I am trying to find a way to obtain the real IP address(es) for a domain name. I'm working on a router doing traffic shaping with the use of iptables and tc. I then need to setup iptables rules for ...
Mulot's user avatar
  • 484
1 vote
3 answers
2k views

Spoof database connection to be local instead of remote

I am trying to connect one of our clients "as is" programs to a remote database instead of a local one, they think that they have coded it to work that way, but for some reason the program ...
spydon's user avatar
  • 133
1 vote
2 answers
933 views

Cloudflare "Access" service real security

Cloudflare Access is a new attractive feature from Cloudflare, based more or less on Google's BeyondCorp (a reverse-proxy with login which should replace VPN in accessing internal network applications)...
Miro's user avatar
  • 151
1 vote
1 answer
3k views

Any way to block IP address host header spoofing?

I have already added the following to my nginx config to deal with spoofed domains: if ($host !~* ^(.*example.org|\d+\.\d+\.\d+\.\d+)$ ) { return 444; } Right now ...
Jordan Reiter's user avatar
1 vote
2 answers
184 views

Possibilities to protect network traffic in datacenter without adding much latency

I am looking for possibilities (and their pros and cons) for protecting network traffic of the components of a time-critical application in a data center. The aim is minimizing the damage an ...
Hauke Laging's user avatar
  • 5,375
1 vote
1 answer
2k views

Possibility of detecting MAC address spoofing in a decentralized network? [closed]

The paper that has been published here: https://dl.acm.org/citation.cfm?id=3282283 proposes a consensus algorithm based on distributed voting process in which it claims that it would be possible to ...
Questioner's user avatar
1 vote
1 answer
1k views

What's the best way to block IP spoofing on a layer 3 switch?

We're hosting Dedicated Servers and are currently using old 3com switches with IP-based ACLs. So each port has an ACL that allows all IP addresses assigned to this customer, and blocks everything else....
toupeira's user avatar
  • 121
1 vote
1 answer
4k views

What's the purpose of getting daily DMARC reports from google about my Mail Server?

I've been getting DMARC reports from google everyday after setting this up on my domain to prevent domain spoofing. Do I really need to have this daily report? I've never opened the attached zip file ...
Patoshi パトシ's user avatar
1 vote
2 answers
3k views

Iptables rules to prevent IP Spoofing

We had following below iptables rules that exist in our web front-end boxes to prevent IP Spoofing: -A INPUT -s 255.0.0.0/8 -j LOG --log-prefix "Spoofed source IP" -A INPUT -s 255.0.0.0/8 -j DROP -A ...
Zama Ques's user avatar
  • 523
1 vote
1 answer
151 views

Using SPF for spoof protection

I'm trying to work through properly configuring SPF for my domain. We have two MX servers that only receive mail, and two outbound relay servers which we expect to list in our SPF record. We also ...
Alex Regan's user avatar
1 vote
1 answer
1k views

Practical way to implement prevention of IP Spoofing

I am an undergraduate Computer Science student and was hoping to gain some knowledge of ways to help prevent IP spoofing but all the resources I have tried out elaborate this concept in a theoretical ...
user1369975's user avatar
1 vote
2 answers
6k views

ISP login, MAC spoofing, WiFi and multiple devices

I have a Tikona Digital Broadband (WiMax based) Internet Connection which allows limited number of devices to be connected at a time and also requires that the users login with username and password (...
neeks's user avatar
  • 131
1 vote
1 answer
772 views

DDoS false IP attack [duplicate]

Possible Duplicate: DDoS attack, how to stop? I'm getting 10MB attacks, IP spoofing, which is used fake IPs, causing high CPU usage of the machine, and falls all. What should I do to prevent it? ...
Cristian Augusto's user avatar
1 vote
1 answer
880 views

Using arpwatch to backtrack proxy access ip to eap-tls certificate

In my network I am using eap-tls authentication (machine certificates) for clients. Those clients are using a squid proxy to access the internet. The proxy is logging the request to the access.log. ...
HalloDu's user avatar
  • 121
1 vote
2 answers
266 views

MAC spoofing - keeping the connection alive

Is it possible to keep a connection alive, while spoofing/changing the MAC address of your own network adapter (especially wlan adapter), without needing to re-authenticate against 802.1X RADIUS-...
HalloDu's user avatar
  • 121
1 vote
1 answer
266 views

Preventing Email Spoofing

I use Google Apps with my domain. Recently, we have begun to receive spam that gets past Google's spam filters. They are from our own email addresses. I am wondering how to prevent this kind of ...
Donald T's user avatar
  • 183
1 vote
2 answers
283 views

How to block spoofed mail from *.host.com

I'm currently running a centOS server with directadmin and custombuild. I keep getting spoofed phishing mails with spoofed from addresses that have SPF setup properly. Spamassassin gives it a score 1....
user3411864's user avatar
1 vote
1 answer
1k views

first step to combat display name spoofing on postfix

Lately we receive a lot of display name spoofed emails in our company, impersonating customers and suppliers. Since my co-workers unfortunately do not pay too much attention to security warnings, etc. ...
user3292312's user avatar
1 vote
2 answers
470 views

How config Exim4 to accept only authenticated sender

How can I setup Exim to accept only authenticated email from managed domain address? I'm receiving spoofed email.. from myself.
Tobia's user avatar
  • 1,344