Jump to content

Cloning IP addresses, possible?


PhoenixOfWater

Recommended Posts

Hi, I been a long time fan of hak5 but this is the first time I posted here.

So, here is the short version:

Is there a way to clone IPs? I'm not looking on how to do this, I just want to know if it's possible to do something like this.

Long version:

There is a member of my forums that I manage, who is being harassed by a poster. After blocking the poster and looking into the IP, they all point back to her, or someone on her network. I'd like to think that she not lying to me and she is not the one doing it.

After asking a bit about her network, it's all wired and only her family uses it. Her network is firewalled and has an up to date anti-virus. No open ports that I could find with my limited knowledge.

I tried looking around on Google to see if cloning IPs are possible, but I couldn't find anything really useful. My understanding of TCP/IP is that all IPs are unique, but I could be wrong.

If cloning IP addresses is not possible, what other possibilities are there as to why her IP address is the same as the harasser.

Thanks for the help!

Link to comment
Share on other sites

In the context of a forum (meaning tcp connections) spoofing of IP addresses is not possible.

It is possible that her computer has a trojan on it and a troll is using her computer to create havoc.

Thanks for the reply Sparda,

As far as the trojan, she claims that her anti-virus is all up todate and she is running a firewall but I don't know.

Still maybe a possibility and something to keep in mind.

But, as for as my original question, you confirmed what I was thinking. Thank you!

Link to comment
Share on other sites

You can't clone an IP address... But you can use somebody elses ;)

Depends what you are doing. It is possible to spoof IP addresses and MAC addresses, but both only work in particular context. In the context of a web site IP spoofing does not work.

Link to comment
Share on other sites

  • 1 month later...
In my Security: Firewalls Class, The teacher said that it WAS possible to clone a IP but wouldn't give us any details.

I do refer the good gentlemen to my previous response.

Depends what you are doing. It is possible to spoof IP addresses and MAC addresses, but both only work in particular context. In the context of a web site IP spoofing does not work.
Link to comment
Share on other sites

If I want to "hide" inside a network. Can I set the IP as another machine in the network and use the

same "computer name" ? Or what is a good method hiding inside a network. For instance if I want to packet sniff on my neighbours wireless network... Just for the knowledge guys..

Link to comment
Share on other sites

If I want to "hide" inside a network. Can I set the IP as another machine in the network and use the

same "computer name" ? Or what is a good method hiding inside a network. For instance if I want to packet sniff on my neighbours wireless network... Just for the knowledge guys..

Don't connect to their network. Detection is now impossible.

Link to comment
Share on other sites

If I want to "hide" inside a network. Can I set the IP as another machine in the network and use the

same "computer name" ? Or what is a good method hiding inside a network. For instance if I want to packet sniff on my neighbours wireless network... Just for the knowledge guys..

Well, if you know a routers range for setting addresses, say its 192.168.1.something-something, and each person who uses this network has static IP settings, IE, they use windows to set their IP address, bypassing DHCP, you could assign yourself any IP Address on the router, so long as it was not in use. This doesn't do anything though other than assign you an available address from the router.

If sniffing traffic on a certain IP from the router is your objective, you would need to do either a MITM Attack under windows in combination with Wireshark, or put your wireless card into Monitor Mode under linux and then fireup Wireshark to capture all the packets.

Spoofing your IP, MAC Address and PC Netbios name do nothing to capture packet traffic but it can make you look like a normal/trusted user on the wireless network if someone else's pc has those same settings and their connection is not in use when you try to connect.

Don't connect to their network. Detection is now impossible.
- LOL
Link to comment
Share on other sites

As far as the trojan, she claims that her anti-virus is all up todate and she is running a firewall but I don't know.

Still maybe a possibility and something to keep in mind.

Up to date AV doesn't alway protect the user, especially if they are into warez or pirrrrrating software. The source code of the Trogan/RAT is pretty much kept secret to the individual who made it, and when AV does pick it up they can change a few lines and it will work again.

I would tell her to monitor her network traffic for anything unusual and scan for open ports.

Link to comment
Share on other sites

What's so funny?

It's only "now" possible, as in, it never was until "now". Like as if you tipped them off or something, so now they are sitting there, waiting for him to connect. It just sounded funny.

Detection was always possible. When you login to a router, you can see any connected devices Client Hostname, MAC and IP Address.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...