On Tue, 30 Oct 2001, spiekey wrote:
Hello! Let's say I have a big LAN, with a few gateways and a firewall. The bigger your networks get, the more you will be conflicted with people who want to "explore" your LAN. That's why I was wondering how you can detect spoofing hosts. And why can spoofing be so dangerous? I couldn't think of a good example.
Quick answer: you can detect spoofing hosts if they pretend to be an IP address that you run. You get logs on one machine saying it got a request from a particular IP address; but on the machine that has that IP address, it doesn't say the request was sent. Also, if a packet headed for another machine goes by the same Ethernet segment that the machine whose IP address it's using is on, then the machine whose IP address the spoofer is pretending to have will log the event.

Spoofing is dangerous because most networks allow extra privileges to machines in some ranges of IP addresses (the "local network", or "network peers") or huge privileges to particular machines (servers, controllers, etc). Spoofing is therefore a way for crackers to get the privileges of those machines.

Bear
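The log comparison described in the reply above, as an added example that is not part of the original thread: inbound records that claim one of your own addresses are matched against that host's outbound records, and anything unmatched is flagged. The record layout, addresses, and 5-second clock-skew window are assumptions, and the sample logs are constructed.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample logs (hypothetical format): (time, source IP, dest IP, dest port)
# RECEIVED: what the receiving server logged as arriving.
RECEIVED = [
    ("2001-10-30 10:00:05", "10.0.0.5", "10.0.0.20", 514),
    ("2001-10-30 10:03:41", "10.0.0.5", "10.0.0.20", 513),
    ("2001-10-30 10:04:10", "10.0.0.7", "10.0.0.20", 22),
    ("2001-10-30 10:05:00", "192.0.2.9", "10.0.0.20", 80),
]
# SENT: what the hosts that own those addresses logged as leaving.
SENT = [
    ("2001-10-30 10:00:04", "10.0.0.5", "10.0.0.20", 514),
    ("2001-10-30 10:04:09", "10.0.0.7", "10.0.0.20", 22),
]
OUR_HOSTS = {"10.0.0.5", "10.0.0.7", "10.0.0.20"}  # addresses we run and hold logs for


def find_unmatched(received, sent, our_hosts, skew=timedelta(seconds=5)):
    """Return inbound records that claim one of our IPs but have no
    outbound record on the owning host within the clock-skew window."""
    unused = [(datetime.strptime(t, FMT), s, d, p) for t, s, d, p in sent]
    suspects = []
    for rec in sorted(received):
        t, src, dst, port = rec
        if src not in our_hosts:
            continue  # no sender-side log to compare against
        when = datetime.strptime(t, FMT)
        match = next(
            (o for o in unused
             if o[1:] == (src, dst, port) and abs(o[0] - when) <= skew),
            None,
        )
        if match:
            unused.remove(match)  # one outbound record explains one inbound
        else:
            suspects.append(rec)  # the owner never logged sending this
    return suspects


if __name__ == "__main__":
    for rec in find_unmatched(RECEIVED, SENT, OUR_HOSTS):
        print("possible spoofed source:", rec)
```
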