1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Faking an IP address

Discussion in 'Cloaking and Content Generators' started by ramenraider, Nov 19, 2009.

Tags:
  1. ramenraider

    ramenraider Newbie

    Joined:
    Aug 15, 2009
    Messages:
    48
    Likes Received:
    10
    I have a few redirects setup to fake my referrer, but I was wondering if there is any way to fake an ip address? I'm pretty sure the address is attached to a packet on layer 1 (just before the packet leaves your modem) so I'm guessing you can't. Just thought I'd ask to be sure. Thanks!
     
  2. grodt

    grodt Newbie

    Joined:
    Sep 6, 2009
    Messages:
    26
    Likes Received:
    6
    Yeah i don't think you can, by the very nature of TCP/IP which HTTP uses
     
  3. BozoClown

    BozoClown Junior Member

    Joined:
    Jan 4, 2009
    Messages:
    150
    Likes Received:
    106
    No you cannot do it easily.

    You can easily do it if communication is restricted to a ringed network or even plain old wifi, at which point you are deceiving the router.

    However on the internet, it is your router and/or modem that have to deceive. If you have the all the need information about your ISP you could mod your modem, but that is not easy.
     
  4. monsterclicks

    monsterclicks Jr. VIP Jr. VIP Premium Member

    Joined:
    Jul 1, 2009
    Messages:
    1,078
    Likes Received:
    714
    Home Page:
    This can be done with some custom programming . . . we do it now for some guys in the PPC arb biz.
     
  5. justone

    justone Elite Member

    Joined:
    Oct 12, 2008
    Messages:
    1,516
    Likes Received:
    1,037
    Occupation:
    -
    Location:
    Europe
    Don't like to correct you Monster, but that's definitely not possible.

    The technique to change an IP address to any other address is called spoofing.
    grodt was correct, the TCP protocol which is used for http/https can not be spoofed due to the three-way-handshake every new connection has to make to become established.

    So even if you change the IP, you can not make a valid connection. It would be blocked at kernel level in the so called tcp/ip-stack (and many routers do not even allow spoofed packets to leave the local network)
     
  6. homenet

    homenet Power Member

    Joined:
    Jan 5, 2009
    Messages:
    790
    Likes Received:
    338
    Location:
    Dimension X
    No you cant do this, lets say you do modify the headers at layer 3 and change the source ip address.. the receiving device will receive the packet and then send the data back using the destination ip of the originiating packet, in this case an ip that isnt yours.

    There are ways to spoof your ip address using proxy servers obviously, but just plain out modifying your source ip address isnt going to work.
     
  7. jeffg

    jeffg Newbie

    Joined:
    Dec 2, 2009
    Messages:
    2
    Likes Received:
    0
    Does anyone know if at&t home and business dsl lines will pull from different pools of ip addresses? or could conflict?
     
  8. jeffg

    jeffg Newbie

    Joined:
    Dec 2, 2009
    Messages:
    2
    Likes Received:
    0
    i have 2 posters trying to set up lines with at&t without using the same ips
     
  9. outlook

    outlook Newbie

    Joined:
    Feb 4, 2009
    Messages:
    4
    Likes Received:
    0
    i don't know where to even post this question--i've looked all over the forum for proxy information, nothing related to my question:

    how do you "mask" your downloads? do most people use proxies? and what about programs/applications that require pinging to detect identity? don't some authors require authentication of some sort before proceeding with their programs?

    in orther words, how EXACTLY is everyone pulling this off without detection?

    if i am in the wrong department, please lead me to the promised land.....
     
  10. SharePro

    SharePro BANNED BANNED

    Joined:
    Sep 18, 2008
    Messages:
    156
    Likes Received:
    914
    Only using UDP can you "spoof" an IP. TCP/IP doesn't allow spoofing cause the negotiation process using the protocols (Ftp, http, https, etc.) all require a handshake.

    Consider UDP to be somebody screaming out in the middle of your neighborhood "Anybody want to go to a Party? Go to ********'s house..."

    Nobody actually knocks on your front door - rather all they do is use a bull horn to announce a party. That is UDP, and that is the reason it can be spoofed.

    However, TCP/IP cannot be spoofed specifically because the negotiation is different. It's almost like somebody showing up at your front door - knocking on your door - and identifying himself before you open the door. Before you open the door, the visitor is recognized, hence his/her IP is revealed.

    The only way to get around this is proxys.
     
  11. AternusW

    AternusW Newbie

    Joined:
    Aug 24, 2009
    Messages:
    29
    Likes Received:
    78
    If you are on a DOCSIS cable network you can mod your modem and re-route your traffic to a different regional node (not sure how to properly call them), allowing you to register as a different IP on the ISP's internal network, majority of people use it to get better/faster service packages from their providers, but it can be used for many things... lately there been lots of new developments on the community, especially with the SB5100 custom firmware, unfortunately more and more service providers upgrade to DOCSIS 3.0 that fixes a lot of those "holes" but I'm sure there will be a work around for those limitations too.

    If you're interested in learning how to mod your modem and get more knowledge of the cable network, you can visit
    hxxp://www.sbhacker.net/
    hxxp://www.theoryshare.com/

    I should note that its not sufficient to get a MAC addr that doesn't appear on your node, you also need to have the matching certificate for BPI auth and this can take some effort to get and it will require you to manually flash it onto the modems flash... ultimately if you manage to get it working it can provide you with around 9 different IP's daily and unlimited speed / bandwidth from your ISP, just change the MAC and your good as new. :)

    Hope it helps somebody.
     
  12. linkme

    linkme Regular Member

    Joined:
    Oct 26, 2009
    Messages:
    422
    Likes Received:
    135
    Occupation:
    teh Internets (since 1998)
    Location:
    Online
    lol @ this thread, ip spoofing has been around for years but it takes a bit more than people realize, you can spoof but it relies on a lot of technical knowledge and advanced concepts like working with the stack to see if it has predictable frame identifiers etc.

    to make it easier you can have relays on the spoofed ip's or such techniques as MITM.

    so considering you are asking the question.. no you cant!

    there is no scriptkiddie ip spoofing software that works to the best of my knowledge. If you are super keen for some reason, get a *nix based router with modifiable firmware and get reading about the tcp/ip stack ;)
     
  13. SharePro

    SharePro BANNED BANNED

    Joined:
    Sep 18, 2008
    Messages:
    156
    Likes Received:
    914
    In short, TCP/IP cannot be spoofed. Only UDP. Theoretically, p2p using udp protocol would be great for spoofing IP's cause nobody would know the origin of the files. It's like calling out (broadcasting) for a file on a bullhorn and servers reply with the file - yet using UDP - can spoof their origin. That's a great example of spoofing.

    But again, TCP/IP is not possible. Changing your modem or mac address does not change your IP address. Your ISP gives you the IP network address. It's external, not internal.
    Okay, this is f'n retarded. Why did you waste your time writing such bullshit?

    An ISP is like a apartment building address and your IP address is just a specific apartment within the apartment building. The router of the ISP is the mailman. You cant spoof the physical buildings address. All packets come to the ISP's router. The ISP is a network that distributes to you your IP address. You dont tell the ISP what IP you want. The radius server and dhcp/static configuration of the router is what defines your IP.

    Maximum you can play games with your own physical mailbox and make other tennants in the building think your address "1a" when your actually apartment "1b". That is where playing with Mac addresses can fit in. You can be in a office using a windows machine and if you clone your mac address, you can "steal" packets. In other words, steal packets intended for a different computer. Playing with Mac addresses is only good for hacking on a private network, not a public world wide web network.

    Stealing internet access via wireless pops, or sniffing networks, etc., is not to be confused with spoofing. Spoofing is making the destination think your source IP is something other than it really is.

    A good example of spoofing an IP address is so that you can upload music in Europe but make the RIAA think that the uploading/downloading is actually happening from the MPAA's or US Gov servers. That is total anonymity.

    Problem is that TCP/IP doesn't support it. Only UDP. But seriously - don't mislead readers with bullshit cause they read to learn. Unless you've got the experience, it's best to ask questions instead of write a bunch of misleading info.
     
    Last edited: Dec 6, 2009
  14. AternusW

    AternusW Newbie

    Joined:
    Aug 24, 2009
    Messages:
    29
    Likes Received:
    78
    As I noted above, I was talking about Cable internet providers, running the DOCSIS standard. Those networks use CMTS which is similar to DSLAM (RAS Server) divided into geographical areas where the cable network is spread.
    The whole concept behind uncapping is registering with a MAC address that doesn't appear on your local CMTS allowing to gain access to the internet.
    Unlike DSL, Cable networks use MPLS mechanism to route their traffic, due to fast performance and lower overhead compared to ATM's mechanism used by most of the DSL providers.
    The major flaw of MPLS is that you don't have as much visibility over the data for traffic management, and this where modded modems comes to play.

    For the majority of cable internet users you don't have the ability to get a new IP if you want to because the CMTS negotiates directly with the DHCP to assign a valid IP from the IP Pool (There are different dhcp servers depending on the diversity of ISPs available to a given cable network) by using your modems MAC address (The ISP's RADIUS server updates the CMTS's regularly with valid MAC addresses and their respective packages, also known as cable modem configuration files).

    In short, after the Cable modem send the dhcp discovery packet, the cmts passes it through to all the dhcp servers (much like different ISPs on a given cable network, although its inaccurate) available, but only the one who has the modems MAC address (sent in the CHADDR field of the dhcp offer packet) responds with a correct dcp offer, resulting in dhcp ack, the final phase of the registration.
    The RADIUS servers in this case, are used to make sure that there is no duplicates of MAC address, and making roaming a lot easier.

    Again, its not like sending a packet from IP X.X.X.X as a packet from X.X.X.Y rather than making you appear as somebody's else CPE, but its a great way to achieve what the OP has asked to do with the referrals.

    Think of it as of masquerading yourself as your neighbor. Most of ISPs provide up to 9 CPEs per MAC address, meaning you can get up to 8 different IPs registered under somebody else name without kicking him off the network.
     
    Last edited: Dec 6, 2009
  15. outlook

    outlook Newbie

    Joined:
    Feb 4, 2009
    Messages:
    4
    Likes Received:
    0
    wow.

    what did i unleash?

    i heartily apologize to all who provided an extremely detailed description. let me rephrase my question, because i think i've led people astray:

    there is a "download" category on this forum. how are people taking advantage of all these "downloads" without their IP address being tracked as the recipient of these "downloads" (that just happened to fall off the back of the truck, if you know what i mean....)????

    in addition, many products usually have some kind of verification to "call back home" after you have downloaded. obviously, if i got mine from the back of the truck, how do i get around this?

    i'm sure this is basic stuff that someone, somewhere on this forum has already answered (a sticky, perhaps)....i just can't find it.

    Can anyone help me?
     
  16. SharePro

    SharePro BANNED BANNED

    Joined:
    Sep 18, 2008
    Messages:
    156
    Likes Received:
    914
    Lets seperate the question. If its a case of web access, then the answer is simple. PROXYS. Use this --> http://www.torproject.org/

    However, if its a case of applicational software that doesn't necessarily require a web browser, yet automatically "calls home", then your going to need to learn how to edit the C:\windows\system32\drivers\etc\hosts file. Takes 2 minutes to learn.

    http://kickenhardware.net/forum/showthread.php?t=3006
    http://www.accs-net.com/hosts/how_to_use_hosts.html

    Cheers,
    ********
     
    • Thanks Thanks x 1
  17. outlook

    outlook Newbie

    Joined:
    Feb 4, 2009
    Messages:
    4
    Likes Received:
    0
    alrighty then!!

    thank you, share.

    btw, you've got the makings of a good business idea. a website gallery of famous people made to look like other unlikely famous people. george is a hoot. you could do a riff on the folks in government, for starters. then head to the entertainment world. then to the sports world (tiger as......never mind......). no telling where you could end up.

    i'd visit.

    might go viral. $$$$. (how many times--although he was damn cute--can you watch a kitty do "soooo big")
     
    Last edited: Dec 11, 2009
  18. nicktoast

    nicktoast Newbie

    Joined:
    Jun 5, 2009
    Messages:
    46
    Likes Received:
    8
    I don't think you can.. but I guess since you're asking this you aren't interested in proxies?