Spoof Attack



#1
anneaceae

I found this in my D-Link wireless router log :

"Spoof Attack fromd MAC(00-08-74-E5-7A-39) Detect,

Target IP(206.46.xxx.xx), Target Port(110) Packet Dropped

Spoof IP(192.168.x.xxx), Spoof Port(2565)" :tazz:

What is this all about? I don't recall ever seeing this in the log before. If it's some kind of hacker thing how do I stop it?

Fairly new to this wireless thing - so some info would be great!

thanks
anneaceae


#2
SoccerDad


What is this all about? I don't recall ever seeing this in the log before. If it's some kind of hacker thing how do I stop it?

Fairly new to this wireless thing - so some info would be great!

thanks
anneaceae


Hi anneaceae, welcome to Geeks to Go! Assuming the spoof attack was correctly identified by your D-Link (not a lot to be gained by trying to get at port 110 via spoofing other than an attempt to get your email...even if successful, one would have to crack a username/password here to continue so it's possible that your D-Link has misidentified the event), here is the Reader's Digest condensed version: the 192.168.x.xxx address that you noticed is one of a small set of IP addys that are reserved for private internal use and as a result are not routable on the global Internet. Bottom line: you can't use one of these IPs to get anywhere on the 'net. However, if one can pretend to be one of these IPs, it's possible to gain access to an internal network. Hence the spoofing: looking like something they're not.

Most, if not all, routers/firewalls will detect this kind of behaviour since a private IP should NEVER be coming from the outside world to your network. Your D-Link is obviously capable of detecting this kind of probe, so you have nothing to worry about.

Hope this helps!
cya, SD
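Added example (not part of the original posts and not D-Link's code): the check described in the reply above, applied to an entry in the log layout quoted in post #1. The sample entry uses constructed addresses because the ones in the thread are masked; the function names, and the assumption that the packet arrived on the Internet-facing (WAN) port, are hypothetical.

```python
import ipaddress
import re

# RFC 1918 private ranges: never a valid source for traffic arriving from the Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Fields appear as Name(value) in the log layout quoted in post #1.
FIELD = re.compile(r"(MAC|Target IP|Target Port|Spoof IP|Spoof Port)\(([^)]*)\)")

def parse_spoof_entry(entry):
    """Extract the Name(value) fields from one 'Spoof Attack' log entry."""
    fields = dict(FIELD.findall(entry))
    missing = {"MAC", "Target IP", "Target Port", "Spoof IP"} - fields.keys()
    if missing:
        raise ValueError(f"not a complete spoof entry, missing {sorted(missing)}")
    return fields

def is_rfc1918(addr):
    """True if addr lies in a private range. Raises ValueError on masked
    values such as '192.168.x.xxx', which cannot be classified."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def wan_ingress_verdict(src_ip):
    """Assumed rule: a private source address seen on the WAN port is dropped."""
    return "drop: private source from outside" if is_rfc1918(src_ip) else "allow"

def summarize(entry):
    f = parse_spoof_entry(entry)
    return {
        "mac": f["MAC"],
        "claimed_source": f["Spoof IP"],
        "source_is_private": is_rfc1918(f["Spoof IP"]),
        "target": f["Target IP"] + ":" + f["Target Port"],
        "target_is_private": is_rfc1918(f["Target IP"]),
        "wan_verdict": wan_ingress_verdict(f["Spoof IP"]),
    }

# Constructed sample in the thread's layout; the MAC and target address are
# documentation values (RFC 7042, RFC 5737), not the ones from the post.
SAMPLE = ("Spoof Attack fromd MAC(00-00-5E-00-53-01) Detect,\n"
          "Target IP(203.0.113.25), Target Port(110) Packet Dropped\n"
          "Spoof IP(192.168.0.101), Spoof Port(2565)")

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

The ranges are listed explicitly rather than using `ipaddress`'s `is_private`, which also flags documentation and other special-purpose ranges.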

#3
anneaceae

One or two more questions...

You said "Assuming the spoof attack was correctly identified", what else would cause the router to log a spoofing attack?

If someone on my private network was trying to access my email, like a nosey room mate trying to master his hacking skill, would that show up in the log?

Thanks
Anneaceae

#4
SoccerDad

Hi anneaceae!

Routers, firewalls, and computers are really quite good at identifying events that happen on them, and accurately recording a log if configured to do so. Sometimes however, things get misidentified. Reasons for this are beyond the scope of this thread, but here is a general example to address the concept: SPAM filtering. A well configured SPAM filtering system will nail truckloads of SPAM coming thru a mail server, or arriving in a mail box. From time to time however, some SPAM will get thru as well as some legit messages getting marked as SPAM (false positive). Same type of thing with packet/data logging.

As for your second question: no, generally not. The mail server he/she is trying to get into would have lots of logs with incorrect user/pass combos, but getting your email from an outside server (port 110 if using POP3 which most home users do) would be considered legitimate traffic by your router.

Hope this helps!
cya, SD

#5
anneaceae

:tazz: That clears it all up for me! (At least on this topic)

Thanks again for your help!
Anneaceae