From the course: Threat Modeling: Spoofing In Depth

Unlock the full course today

Join today to access over 22,400 courses taught by industry experts or purchase this course individually.

Advanced host spoofing

Advanced host spoofing

From the course: Threat Modeling: Spoofing In Depth

Start my 1-month free trial

Advanced host spoofing

- When I'm not in line, in complete control of the packet flow, there's more that can go wrong. That's certainly the case with the local network and blind models for spoofing. The second place from which to spoof is a host on the local network. Some security tools do this with simple command line options. For example, this nmap command tells nmap to spoof packets as if they're coming from IP 10.2.3.5 while scanning 10.2.3.6. I'll call the three machines Spoofer, Target, and Spoofee so I don't have to keep repeating the numbers. Now there may be a real machine with Spoofee's IP address, and if so, it won't know what to do with the packets that it's getting from Spoofee. If that's the case, I need to send packets back before Target's or suppress Target's packets, and I can do that in various ways, including crashing Target or flooding it with packets. Obviously, it's easier to spoof well when I know more about what's goin' on. That knowledge can come from using promiscuous mode on a…

Contents