Showing posts from 2001

Honeynet Challenge Submission

I recently worked on a Forensic Challenge and learnt a lot during the investigation. I hope the copy of the document I posted HERE can be of some help to you too. Update: The results can be found here. I was a little disappointed that I didn't make it to the top three, but the experience itself was worth the effort.

Spoofing IP Addresses

TCP/IP is a protocol which has a long history of stabilization. Having come a long way since it first began, it is said to be almost perfect for the Internet. However, a few flaws in this protocol have been recognised as security hazards. IPv6, the next version after IPv4, addresses these issues effectively, but IPv6 has a long way to go before it is implemented around the world. This article gives an insight into an IP loophole which allows "spoofing".

The Internet uses TCP/IP for all its communication. IP is a connectionless protocol on which TCP runs for reliable, connection-oriented protocols. Protocols like telnet, ftp, pop, smtp etc. are all connection oriented, and others like talk, icp, icq, dns etc. use IP datagrams only. To start a TCP connection, which is supposed to be much more secure and reliable, the server and client go through what is known as the "three-way handshake". If you look at a simple telephone conversation initialization, the dialing of number c