1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ip spoofing

Discussion in 'HyperWRT Firmware' started by lol24h, Dec 29, 2006.

  1. lol24h

    lol24h Network Guru Member

    I hope it's right place to ask you all.
    My crappy windows firewall (Agnitum Outpost Firewall) tells me about frequently spoofing attacks, it's annoying, 'cause this stupid app blocks entire communication with my ap-router WRT54G. It claims the router is the attacker.
    2006-12-28 19:49:22 IP Spoofing 192.168.1.1 00-13-10-1F-3F-C2
    2006-12-28 19:40:06 IP Spoofing 192.168.1.1 00-13-10-1F-3F-C2
    2006-12-28 19:39:39 IP Spoofing 192.168.1.1 00-13-10-1F-3F-C2
    2006-12-28 19:37:41 IP Spoofing 192.168.1.1 00-13-10-1F-3F-C2
    2006-12-28 19:21:06 IP Spoofing 192.168.1.1 00-13-10-1F-3F-C2
    2006-12-28 19:19:56 IP Spoofing 192.168.1.1 00-13-10-1F-3F-C2
    2006-12-28 19:19:08 IP Spoofing 192.168.1.1 00-13-10-1F-3F-C2
    2006-12-28 19:17:44 IP Spoofing 192.168.1.1 00-13-10-1F-3F-C2
    2006-12-28 19:14:45 IP Spoofing 192.168.1.1 00-13-10-1F-3F-C2
    2006-12-28 19:14:27 IP Spoofing 192.168.1.1 00-13-10-1F-3F-C2



    I've cheched if I could change ip and mac adress of my wlan interface, then I can't undestand which interface is which.
    Code:
    # ifconfig
    br0        Link encap:Ethernet  HWaddr 00:13:10:1F:3F:C2
              inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:49890 errors:0 dropped:0 overruns:0 frame:0
              TX packets:50624 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:15491830 (14.7 MiB)  TX bytes:19091059 (18.2 MiB)
    
    eth0       Link encap:Ethernet  HWaddr 00:13:10:1F:3F:C2
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:69633 errors:0 dropped:0 overruns:0 frame:0
              TX packets:52830 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:21099596 (20.1 MiB)  TX bytes:18274388 (17.4 MiB)
              Interrupt:5 Base address:0x2000
    
    eth1       Link encap:Ethernet  HWaddr 00:13:10:1F:3F:C4
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:47954 errors:0 dropped:0 overruns:0 frame:2393
              TX packets:48647 errors:61 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:15897742 (15.1 MiB)  TX bytes:17939757 (17.1 MiB)
              Interrupt:4 Base address:0x1000
    
    lo         Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    vlan0      Link encap:Ethernet  HWaddr 00:13:10:1F:3F:C2
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:1936 errors:0 dropped:0 overruns:0 frame:0
              TX packets:3557 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:273426 (267.0 KiB)  TX bytes:1944719 (1.8 MiB)
    
    vlan1      Link encap:Ethernet  HWaddr 00:04:61:5A:57:BB
              inet addr:84.40.178.169  Bcast:84.40.178.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:67697 errors:0 dropped:0 overruns:0 frame:0
              TX packets:49273 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:19572776 (18.6 MiB)  TX bytes:16329669 (15.5 MiB)
    
    in reference to this :
    Code:
    # nvram show |grep 00:13:10
    et0macaddr=00:13:10:1F:3F:C2
    lan_hwaddr=00:13:10:1F:3F:C2
    get_mac=00:13:10:1F:3F:C2
    size: 15927 bytes (16841 left)
    wl0_hwaddr=00:13:10:1F:3F:C4
    
    wlan interface should be eth1, right ?
    Are there mac adresses correct ? I wonder if someone messed up there.

    In case all is right, what should I do to prevent these attacks ?
     
  2. ifican

    ifican Network Guru Member

    br0 is your router interface wether it be for the wireless or wired client. Outpost firewall is actually a pretty good product, in essense it is correct in telling you that your router is spoofing an ip as that is what it is doing via NAT. There should be a setting within the firewall application that lets you either tell the application to trust that ip or ignore spoofing from it.
     
  3. lol24h

    lol24h Network Guru Member

    yes, but it so suspicious that it doesn't happen all the time, but in some period of time. I'm not yet so tcp/ip communication-aware, but according to your words, it should warn me always when I'm connected.
    Am I right ?
     

Share This Page