Announcement

Collapse
No announcement yet.

tell me what you think

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    tell me what you think

    I need your oppinion on my idea here, Sorry for my english but english is not my native laguage,
    but anyways here is my plan:
    If i have a database over some servers lets say google, amazon and soo on and theyr ip and mac address (lets call those servers "Server A"), then I make a sniffer that sniffs outgoing packages
    from my computer (lets call my computer "C" and the server I'm connecting "B"), the sniffer looks for my ip in those packages and replases it with the ip of "Server A",in a given interval the program takes a random ip and mac address from the database to be used to replase my ip in the outgoing packages, then i make a spoof betwean A and B so I can get the feedback from server "B", would that work as an "ip hider"?, is it done before? is it posible? or is this idea retarded?, wants your oppinion before i (probably) wastes houers of coding on this project.
    Tags: None
  • #2
    Originally posted by annathor
    If i have a database over some servers lets say google, amazon and soo on and theyr ip and mac address (lets call those servers "Server A"),
    Having the MAC Address of server on the internet but not on your Subnet or collision domain does not do much for you. As soon as your IP packets traveling over your chosen Layer 2 protocol gets to the next hop (router) your layer 2 protocol frame is "lost" and its payload (IP) gets packaged in another layer 2 protocol with a new src and dst MAC Address.
    MAC Address obfuscation is really only useful on a local subnet/collision domain, and even then, will more likely break things, and/or be detectable as odd behavior to cause you to get noticed on networks where they are security conscious.

    then I make a sniffer that sniffs outgoing packages
    from my computer (lets call my computer "C" and the server I'm connecting "B"), the sniffer
    A better word than "sniffer" for what you describe would be a "proxy" or "address translator" or maybe "Network Address Translator"

    looks for my ip in those packages and replases it with the ip of "Server A",in a given interval the program takes a random ip and mac address from the database to be used to replase my ip in the outgoing packages,
    Many ISP disallow packets with SRC addresses not from the ISP from leaving the ISP, and will block incoming DST addresses not on their network.
    Some colocation providers allow address obfuscation (or at least don't disallow it. ;-)

    then i make a spoof betwean A and B so I can get the feedback from server "B",
    Here is the tough part. How do you get back the traffic from the destination, if the source address (yours) is is changed to another? At some point in time, your IP address (or one on your subnet if you are tricky) has to be included in a header so that your get the packets in replies.
    How do the routers know to send traffic back to you if they do not have your real IP Address?

    Once you describe how replies get back to you, then you also have something to examine for how your traffic can be traced back to you. Will it stand up to examination?

    would that work as an "ip hider"?, is it done before? is it posible? or is this idea retarded?, wants your oppinion before i (probably) wastes houers of coding on this project.
    I do not see how it would work. How would the replies get back to you? If the host (or NAT BOX/CSS/*Router/*Gateway) builds unique session keys based on the SRC/DST IP Addresses, SRC/DST port numbers and when TCP ise used the SYN/ACK numbers, changing the IP Address mid-stream may be problematic and break things.

    Comment

    • #3
      thank you

      thank you for your fast and informative reply. so its then a new prodject in my abanddon box (or drawing board). whell it was worth a shoot.

      Comment

      Previous template Next
      Working...
      X