  #1 (permalink)  
Old 11-May-2008, 10:51
MikeP

I set up ssh and my router to allow remote login into my machine. Upon viewing the logs I have found numerous different people attempting to gain access to my computer through ssh. While I realize it is unlikely that they will get in (since my user name is nothing common like test, mike, or admin) I'm generally a very cautious person and I am not happy allowing these attacks to go on.

In order to prevent these attacks, this is the plan I have developed:

I can modify the hosts.allow and hosts.deny files to let in only one IP address such as 83.32.99.101. The computer will deny all other IPs. The IP address is totally irrelevant as long as I know what it is. Then, from anywhere I am, I can spoof my IP address so that to my computer, my IP appears as 83.32.99.101. It's almost like having a second password that no one knows to look for.

The problem is that I don't know much about IP spoofing, I don't know if this would work, and I can't find any information about how to spoof your IP address. Can someone please point me towards a guide on how to spoof your IP? Additionally, what tools are available for Linux that allow or provide IP spoofing capabilities?


Thanks
Mike
  #2 (permalink)  
Old 11-May-2008, 11:43
69_rs_ss

Personally I think that is too overcomplicated. I'd rather just disable root login, change the port to something non-standard, set up key authentication and disable password. Lastly add something like denyhosts to block multiple failed attempts. All but the last option can be set up through the /etc/ssh/sshd_config file.
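
Added example (not part of the original post): a small auditor for the sshd_config settings named in the reply above. It assumes the documented sshd_config parsing rules (keywords are case-insensitive, the first value obtained for a keyword is used, `Port` may be repeated) and only reads the global section; the `SAMPLE` file is constructed, and denyhosts is outside its scope because it is not configured in sshd_config.

```python
# Added example: audit the global section of an sshd_config for the settings
# suggested in the reply (no root login, non-standard port, keys on, passwords off).
# Limitations (assumed scope): "keyword=value" lines, Include and Match blocks are not evaluated.

WANTED = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
}

# Constructed sample, not taken from the thread.
SAMPLE = """\
Port 2222
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""

def effective_settings(text):
    """Return ({keyword: value}, [ports]) as the global section would be read."""
    seen, ports = {}, []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank or commented-out line: it sets nothing
        key = parts[0].lower()
        if key == "match":
            break  # conditional overrides start here; stop at the end of the global section
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "port":
            ports.append(value)          # Port may appear several times
        else:
            seen.setdefault(key, value)  # first value wins, later duplicates are ignored
    return seen, ports

def audit(text):
    """List the settings that differ from what the reply suggests."""
    seen, ports = effective_settings(text)
    findings = []
    for key, want in WANTED.items():
        got = seen.get(key)
        if got is None:
            findings.append(f"{key}: not set, the build's default applies")
        elif got.lower() != want:
            findings.append(f"{key}: effective value is '{got}', wanted '{want}'")
    if not ports or "22" in ports:
        findings.append("port: sshd still listens on the standard port 22")
    return findings
```

Edits to sshd_config only take effect once sshd has reloaded its configuration.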
  #3 (permalink)  
Old 11-May-2008, 11:50
MikeP

With regards to disabling root login, I have PermitRootLogin set to no, but I am still able to log in as root from a remote location. I don't know if there's something else I have to set as well.

If root login is correctly disabled and I attempt to log in as root remotely, will it still prompt for a password and just not let me in or will it deny me outright?


Regardless, some information on how to spoof an IP address would be useful. I'm learning about penetration testing and I need to be able to spoof IP addresses in order to test if a machine is vulnerable to that sort of attack.

Thanks,
Mike
  #4 (permalink)  
Old 11-May-2008, 17:18
ken_yap

Why not forget about this kind of mucking around with IP spoofing and just use public key pairs for authentication? That's far more secure than just a password. If you can carry around the software to spoof IPs (assuming it can be done), you might as well carry around an ssh client and your key.

Sorry, don't ask me about IP spoofing, you'd have to hang out with crackers.
  #5 (permalink)  
Old 11-May-2008, 22:03
MikeP

I guess it's a little complex. Thanks anyway guys.
 
