Questions tagged [spoofing]
Spoofing is the act of a person or program impersonating another.
126
questions
70
votes
15
answers
16k
views
Are IP addresses "trivial to forge"?
I was reading through some of the notes on Google's new public DNS service:
Performance Benefits
Security Benefits
I noticed under the security section this paragraph:
Until a standard system-wide ...
33
votes
4
answers
79k
views
Can the IP address for an HTTP request be spoofed?
On a website I am building, I plan to log the IP addresses of submissions, just in case it's necessary. I don't mind proxies, but outright spoofing your IP address would defeat the purpose.
To ...
11
votes
1
answer
6k
views
How to prevent IP spoofing using MAC and ebtables?
I am trying to create IP-MAC pairing rules in ebtables. There are few tutorials and related questions [1] available, but I have a kind of specific setting.
ENVIRONMENT:
I have many physical hosts. Each ...
10
votes
6
answers
11k
views
How reliable are IP address-based firewall restrictions?
On some of my production systems that need to be accessible outside of the LAN I will sometimes add a firewall restriction at the edge to only permit traffic on, say, RDP from a specific origin IP ...
7
votes
3
answers
17k
views
How to prevent IP spoofing within iptables?
My Apache web-server on Linux is being flooded by massive requests for a non-existent file. The immediate impact is the rapid growth of the access & error log. I already took care of this by not ...
7
votes
1
answer
8k
views
Does postfix reject spoofed senders?
Is there a reliable way to reject incoming mails with a spoofed e-mail address?
What kind of checks does postfix run normally on incoming mails?
does postfix check the reverse dns by default?
does ...
6
votes
5
answers
2k
views
Any way I can correct DNS spoofing against our domain
This morning I found out that our domain and subdomains have been poisoned on the 4.2.2 and 4.2.2.1 DNS servers along with others I think, though I have not confirmed others yet. Using OpenDNS ...
6
votes
1
answer
12k
views
Is it possible to override a single domain name using dnsmasq?
I have a server application that I'm running two instances of, production and development, namely:
prod.example.com (10.0.0.1)
dev.example.com (10.0.0.2)
A third-party has written a client ...
5
votes
4
answers
2k
views
MAC address spoofing - why doesn't this work? [closed]
So I'm in a new job, and they're pretty draconian about their network, hardware, and OS security. :-( I'm a web developer, but am forced to use IE7 for development simply because they don't want ...
5
votes
1
answer
18k
views
How can I prevent spoofed emails from outside that's using my internal accepted domain
I'm receiving spam emails sent from my own domain to my own domain. I'm using Exchange 2013.
Example:
[email protected] is being used to send spam to [email protected].
I can successfully ...
4
votes
2
answers
7k
views
Wrong DNS answer with CNAME and A Record at the same time
We had a customer who set a CNAME record for his domain. Somehow he managed to set an A record too, which should not be possible and is forbidden by DNS. But the result was:
$ dig @ns1.your-...
3
votes
3
answers
558
views
How to Limit the Damage of Domain Spoofing
My e-mail account, for my privately run business which I'll call "VeryCoolCompany", is starting to receive bounce-backs for users who don't exist, like these:
[email protected]
dietskra44-...
3
votes
5
answers
10k
views
Setting up an SPF record for a shared hosting service with lots of email gateways
My website is on a Hostgator shared host, and I need to set up SPF for my email so my outgoing emails won't get bounced. So, I have to add a TXT record to the DNS for my domain, listing all possible ...
3
votes
2
answers
221
views
If I use iptables to allow TCP connections only from a specific IP, can it be faked?
An iptables rule on my database server is:
-A INPUT -p tcp --dport 6432 -s 10.115.0.150 -j ACCEPT
I have other rules (loopback, etc.), but I'm wondering if that specific rule can be "hacked". Can ...
3
votes
2
answers
16k
views
Googlecast SSDP and MDNS queries on network despite not having any chromecast applications installed in main computer
As title states,
I've detected some MDNS queries from a googlecast address, which is strange since I don't have any googlecast apps or similar installed.
Additionally, my PC is sending SSDP packets to ...
3
votes
2
answers
3k
views
Stop spoof emails in Google Apps
Desperately need some help here. I've been using Google Apps for my domain (2qubed.co.uk) for over 2 years now with no problems at all until recently.
For the past few months I have been getting lots ...
3
votes
2
answers
2k
views
Linux-KVM / iptables: prevent guest spoofing by matching ip+mac address on bridge?
I have my KVM guests on a standard br0 bridge setup:
auto br0
iface br0 inet static
address 192.168.1.117
netmask 255.255.255.0
network 192.168.1.1
broadcast 192.168.1.225
gateway 192....
3
votes
1
answer
1k
views
Exchange not checking SPF record for own domain
I have an interesting issue with Exchange where it appears to check and stamp spoofed messages from external domains but not ones it has set up to send from. For example I can spoof a message from 1@...
3
votes
1
answer
2k
views
Dovecot Sieve allows spoofing through LMTP
I have set up Postfix to block spoofing your email (you can only send emails as yourself):
smtpd_sender_restrictions =
reject_authenticated_sender_login_mismatch
I have set up Sieve and ...
3
votes
1
answer
2k
views
"From:" e-mail header spoofing - how to verify such mail?
I'm facing a problem of verifying a "From:" message field in e-mail messages, in terms of e-mail spoofing. I am currently using SPF and DKIM to verify the origin and integrity of messages, but as far ...
3
votes
0
answers
229
views
Using DMARC techniques to block Backscatter
We run a small email (receiving not bulk sending) service (~ 300 domains or so) for our customers and are just starting to introduce DMARC. One of the reasons for doing so is to help stop backscatter ...
2
votes
1
answer
2k
views
How did this email bypass my SPF settings?
I received a phishing email this morning that appeared to come from one of my addresses to itself.
Looking at the headers, I found something interesting.
DomainKey-Status: no signature
X-Spam-...
2
votes
1
answer
4k
views
Checking SMTP headers for spoofed email (did client authenticate?)
I have been using rackspace email service, and I am finding that rogue emails are seemingly coming from [email protected] to [email protected] but were never actually sent by that user.
As per ...
2
votes
2
answers
8k
views
Different Mac address to virtual interface and primary interface
I am developing a system where I need to have different MAC addresses for my primary and virtual interfaces.
Let's say my MAC for eth0 is 00:11:00:11:00:11
and my virtual interface is ...
2
votes
2
answers
406
views
Can IP spoofed traffic get above the transport layer?
I'd like to know whether you could get packets with a spoofed IP address above the transport layer. My thoughts are:
TCP: No, as acknowledgements would never get to the original sender if their IP ...
2
votes
1
answer
3k
views
Prevent from being spoofed by sendgrid
Recently we received an odd mail coming from [email protected] to [email protected]
The problem is that address1 didn't send any email to address2. The email was sent using sendgrid.
Sendgrid ...
2
votes
2
answers
3k
views
How to spoof an IP for application that needs this particular IP?
The problem, in general: there is a RHEL 6.4 Server system with a pair of network interfaces combined into one by bonding. This system's IP address is 10.7.7.1. Next on the system running an ...
2
votes
1
answer
2k
views
Prevent mail server (sendmail) used to backscatter
Hi, I recently got an email from Amazon, saying that my EC2 instance is sending spam. So what they say is my mail server is receiving email for a non-existing user and therefore bounces the email back ...
2
votes
1
answer
2k
views
Rewrite email (RFC822) From address to match MAIL FROM (RFC821) envelope address postfix
I'm taking steps to harden my outgoing postfix SMTP server. I want to prevent users from spoofing their sender address.
When sending email with postfix SMTP the sender is identified in three ways:
...
2
votes
2
answers
2k
views
SpamAssassin, Postfix, and Multiple Addresses in From Header
I'm working on a problem that I'm seeing with an email scanning server (MailScanner, Spamassassin, Postfix, etc.), and From header spoofing. Unfortunately, some of the versions of these components ...
2
votes
2
answers
4k
views
Reject obviously spoofed messages in Exchange 2007 SP2
I have an Exchange 2007 SP2 server which happily accepts SMTP messages whose sender is [email protected] and the recipient is [email protected]; this leads to all sort of spoofing ...
1
vote
3
answers
2k
views
How to avoid DNS spoofing for DNS lookup
I am trying to find a way to obtain the real IP address(es) for a domain name. I'm working on a router doing traffic shaping with the use of iptables and tc. I then need to set up iptables rules for ...
1
vote
3
answers
2k
views
Spoof database connection to be local instead of remote
I am trying to connect one of our client's "as is" programs to a remote database instead of a local one. They think that they have coded it to work that way, but for some reason the program ...
1
vote
2
answers
933
views
Cloudflare "Access" service real security
Cloudflare Access is a new attractive feature from Cloudflare, based more or less on Google's BeyondCorp (a reverse-proxy with login which should replace VPN in accessing internal network applications)...
1
vote
1
answer
3k
views
Any way to block IP address host header spoofing?
I have already added the following to my nginx config to deal with spoofed domains:
if ($host !~* ^(.*example.org|\d+\.\d+\.\d+\.\d+)$ ) {
return 444;
}
Right now ...
1
vote
2
answers
184
views
Possibilities to protect network traffic in datacenter without adding much latency
I am looking for possibilities (and their pros and cons) for protecting network traffic of the components of a time-critical application in a data center. The aim is minimizing the damage an ...
1
vote
1
answer
2k
views
Possibility of detecting MAC address spoofing in a decentralized network? [closed]
The paper that has been published here: https://dl.acm.org/citation.cfm?id=3282283 proposes a consensus algorithm based on distributed voting process in which it claims that it would be possible to ...
1
vote
1
answer
1k
views
What's the best way to block IP spoofing on a layer 3 switch?
We're hosting Dedicated Servers and are currently using old 3com switches with IP-based ACLs. So each port has an ACL that allows all IP addresses assigned to this customer, and blocks everything else....
1
vote
1
answer
4k
views
What's the purpose of getting daily DMARC reports from Google about my mail server?
I've been getting DMARC reports from Google every day after setting this up on my domain to prevent domain spoofing. Do I really need to have this daily report? I've never opened the attached zip file ...
1
vote
2
answers
3k
views
Iptables rules to prevent IP Spoofing
We had the following iptables rules in our web front-end boxes to prevent IP spoofing:
-A INPUT -s 255.0.0.0/8 -j LOG --log-prefix "Spoofed source IP"
-A INPUT -s 255.0.0.0/8 -j DROP
-A ...
1
vote
1
answer
151
views
Using SPF for spoof protection
I'm trying to work through properly configuring SPF for my domain. We have two MX servers that only receive mail, and two outbound relay servers which we expect to list in our SPF record.
We also ...
1
vote
1
answer
1k
views
Practical way to implement prevention of IP Spoofing
I am an undergraduate Computer Science student and was hoping to gain some knowledge of ways to help prevent IP spoofing but all the resources I have tried out elaborate this concept in a theoretical ...
1
vote
2
answers
6k
views
ISP login, MAC spoofing, WiFi and multiple devices
I have a Tikona Digital Broadband (WiMax based) Internet connection which allows a limited number of devices to be connected at a time and also requires that the users log in with username and password (...
1
vote
1
answer
772
views
DDoS false IP attack [duplicate]
Possible Duplicate:
DDoS attack, how to stop?
I'm getting 10MB attacks with IP spoofing, which uses fake IPs, causing high CPU usage on the machine, and everything goes down. What should I do to prevent it?
...
1
vote
1
answer
880
views
Using arpwatch to backtrack proxy access ip to eap-tls certificate
In my network I am using eap-tls authentication (machine certificates) for clients. Those clients are using a squid proxy to access the internet. The proxy is logging the request to the access.log. ...
1
vote
2
answers
266
views
MAC spoofing - keeping the connection alive
Is it possible to keep a connection alive, while spoofing/changing the MAC address of your own network adapter (especially wlan adapter), without needing to re-authenticate against 802.1X RADIUS-...
1
vote
1
answer
266
views
Preventing Email Spoofing
I use Google Apps with my domain.
Recently, we have begun to receive spam that gets past Google's spam filters. They are from our own email addresses.
I am wondering how to prevent this kind of ...
1
vote
2
answers
283
views
How to block spoofed mail from *.host.com
I'm currently running a CentOS server with DirectAdmin and CustomBuild.
I keep getting spoofed phishing mails with spoofed from addresses that have SPF set up properly.
SpamAssassin gives it a score 1....
1
vote
1
answer
1k
views
First step to combat display name spoofing on Postfix
Lately we have been receiving a lot of display name spoofed emails in our company, impersonating customers and suppliers.
Since my co-workers unfortunately do not pay too much attention to security warnings, etc. ...
1
vote
2
answers
470
views
How to configure Exim4 to accept only authenticated senders
How can I set up Exim to accept only authenticated email from managed domain addresses?
I'm receiving spoofed email... from myself.