Best IP Spoofing defense?

  • Nick
    Registered User
    • Jan 2001
    • 259

    #1

    Best IP Spoofing defense?

    IP Spoofing: A technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.

    The HTTP protocol was not designed for security..
    I played with a basic IP spoofer & it scared the shit out of me..
    TONS of sites/video feeds are indeed insecure..

    What is the best defense?

    No Replies.. hmmm.. I didn't think there would be any.. Looks like a fix-it script would make bank!!!

    The huge security holes remind me of what started all the password sites..
    Last edited by Nick; 04-08-2003, 08:37 AM.
  • buran
    Confirmed User
    • Mar 2002
    • 264

    #2
    Just ignore IP source routes in all your packets, have the routers do their damn job.

    How would IP spoofing make video viewable? Are you sure you're not thinking of HTTP Referer spoofing?

    b.
    [this signature intentionally left blank]


    • Nick
      Registered User
      • Jan 2001
      • 259

      #3
      Are you sure you're not thinking of HTTP Referer spoofing?
      Yes that's what I meant..


      • buran
        Confirmed User
        • Mar 2002
        • 264

        #4
        Well there's a goddamn big difference between the two.

        Yes, HTTP referer spoofing is a problem. There are solutions, but like most things HTTP related they're ugly. Your best option is to set up and use transparent session handling, like PHP does natively since PHP4. (or was it 3?) If the user has cookies disabled all your URLs are rewritten to include the session id in the request.

        No, HTTP referer checking for intra-site authentication is just stupid. The real problem is in inter-site handoffs of authenticated users. This is a problem which still needs a proper solution.
        [this signature intentionally left blank]


        • JDog
          Confirmed User
          • Feb 2003
          • 7453

          #5
          Originally posted by Nick

          What is the best defense?

          No Replies.. hmmm.. I didn't think there would be any.. Looks like a fix-it script would make bank!!!

          The huge security holes remind me of what started all the password sites..
          There is no real defense. What I had to do for our plugin page is make a lock and key script. I made a script that made an md5 encrypted hash. It had the user's class C IP address and then it took the day of the month (30) and the hour (1-24). And the script is put on the client's computer, i.e. teeniestars.com, and then whenever a user clicks on that script it makes the hash and sends it over in a variable userid, and when they get to our server, our server takes that information, the class C, hour and day of the month, and md5s and compares both of them. That way nobody could have the same identical user IDs at the same time. HTTP Referring doesn't work. Not every browser sends the same referer information. Some don't send any information at all. So that isn't the best way to go.

          JDog
          NSCash now powering ReelProfits.com
          ALSO FEATURING: NSCash.com :: SoloDollars.com :: ReelProfits.com :: BiminiBucks.com :: VOD
          PROGRAMS COMING SOON: Greedy Bucks :: Vengeance Cash
          NOW OFFERING OVER 60 SITES
          CONTACT :: JAMES SMITH :: CHIEF TECHNOLOGY OFFICER :: ICQ (711385133)


          • NetRodent
            Confirmed User
            • Jan 2002
            • 3985

            #6
            Referrer based authentication is just plain stupid. Especially if your feed supplier charges you for bandwidth. Unfortunately most suppliers and customers seem more concerned with ease of setup than security.

            Holio used to offer (and may still) a token based authentication system for some of their feeds (but you had to ask for it). If I recall correctly, you had to pass your account number, the current time, and a hash of the preceding and a shared secret. Seemed to work pretty well.
            "Every normal man must be tempted, at times, to spit on his hands, hoist the black flag, and begin slitting throats."
            --H.L. Mencken
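A token scheme along the lines JDog (#5) and NetRodent (#6) describe, account number plus issue time plus a keyed hash over both, bound to the surfer's class C, written here as an added Python example. It is not JDog's Perl script or Holio's code; the shared secret, the one-hour window and the account names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed values for this example; a real deployment issues one secret per client.
SHARED_SECRET = b"example-shared-secret-not-for-production"
WINDOW_SECONDS = 3600   # the schemes in the thread work at hour granularity


def class_c(ip: str) -> str:
    """First three octets of an IPv4 address (the /24 the hash is bound to)."""
    return ".".join(ip.split(".")[:3])


def make_token(account: str, client_ip: str, now: int, secret: bytes = SHARED_SECRET) -> str:
    """Sponsor side: token = account, issue time, HMAC over both plus the surfer's /24.

    The keyed HMAC is what stops someone who knows the format from recomputing
    the hash themselves (buran's 'private key' question in #8)."""
    msg = f"{account}:{class_c(client_ip)}:{now}".encode()
    mac = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return f"{account}:{now}:{mac}"


def verify_token(token: str, client_ip: str, now: int,
                 secret: bytes = SHARED_SECRET, window: int = WINDOW_SECONDS) -> bool:
    """Feed side: reject malformed, stale, wrong-network or forged tokens."""
    try:
        account, issued_s, mac = token.split(":")
        issued = int(issued_s)
    except ValueError:
        return False
    # Accept tokens issued within the window; a little forward clock skew is tolerated.
    if not (now - window <= issued <= now + 60):
        return False
    msg = f"{account}:{class_c(client_ip)}:{issued}".encode()
    expected = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    # Constant-time comparison so response timing leaks nothing about the expected value.
    return hmac.compare_digest(expected, mac)
```

Because the hash covers the /24 and the issue time, a token lifted from one surfer is useless from another network, and one captured today is useless an hour later.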


            • JDog
              Confirmed User
              • Feb 2003
              • 7453

              #7
              It works great for us. We have not been hacked once since I programmed the new security just over a year ago. It works great. I would never go with referers. HTTP spoofing is so easy. We used to get hacked all the time.

              JDog


              • buran
                Confirmed User
                • Mar 2002
                • 264

                #8
                JDog, have you had any problems with getting your clients to implement it? How much work is involved for you on every new client?

                Presumably you have a private key involved, or what stops someone from taking your description above and h4x0ring it now?

                IGallery now offers this setup on their feeds as well.

                b.
                [this signature intentionally left blank]


                • p00p
                  Confirmed User
                  • Dec 2002
                  • 5125

                  #9
                  Check this out.
                  http://www.paysitepowertools.com/os-multimodauth.html

                  This guy posts on here, but doesn't seem to push his software. It seems like a valid solution, although the price sucks ass. On the other hand, anyone using referrer based protection knows what a PITA it can be. Especially with surfers whose ISP blocks referral headers. ;) So the price may be reasonable if you have enough bitchy members, and referral spoofers.
                  ICQ: 316365783
                  TEST: http://www.hostultra.com/~p00p


                  • JDog
                    Confirmed User
                    • Feb 2003
                    • 7453

                    #10
                    Originally posted by buran
                    JDog, have you had any problems with getting your clients to implement it? How much work is involved for you on every new client?

                    Presumably you have a private key involved, or what stops someone from taking your description above and h4x0ring it now?

                    IGallery now offers this setup on their feeds as well.

                    b.
                    buran,

                    It is my own secret key with the elements involved, I do have other things that multiply into the hash, which I'm not going to post the exact hash here. But with every new client all I have to do is edit the one line of the script that I made for clients before I give it to them. The Perl script that I made is approx. 12 lines. If the client wants a PHP script, it is approx. 3 lines. I think I implemented this in about one day's work. And the whole program works. If you want to catch me online, my ICQ is 177385133. I will let you know more, but for security reasons, I won't go into details about my script.

                    JDog


                    • Nick
                      Registered User
                      • Jan 2001
                      • 259

                      #11
                      ICQin' u shortly, JDog
