Oct 20th 2012, 19:21:41
IP Spoofing
IP spoofing is most frequently used in denial-of-service attacks. In such attacks, the goal is to flood the victim with overwhelming amounts of traffic, and the attacker does not care about receiving responses to the attack packets. Packets with spoofed addresses are thus suitable for such attacks. They have additional advantages for this purpose—they are more difficult to filter since each spoofed packet appears to come from a different address, and they hide the true source of the attack. Denial of service attacks that use spoofing typically randomly choose addresses from the entire IP address space, though more sophisticated spoofing mechanisms might avoid unroutable addresses or unused portions of the IP address space. The proliferation of large botnets makes spoofing less important in denial of service attacks, but attackers typically have spoofing available as a tool, if they want to use it, so defenses against denial-of-service attacks that rely on the validity of the source IP address in attack packets might have trouble with spoofed packets. Backscatter, a technique used to observe denial-of-service attack activity in the Internet, relies on attackers' use of IP spoofing for its effectiveness.
IP spoofing can also be a method of attack used by network intruders to defeat network security measures, such as authentication based on IP addresses. This method of attack on a remote system can be extremely difficult, as it involves modifying thousands of packets at a time. This type of attack is most effective where trust relationships exist between machines. For example, it is common on some corporate networks to have internal systems trust each other, so that users can log in without a username or password provided they are connecting from another machine on the internal network (and so must already be logged in). By spoofing a connection from a trusted machine, an attacker may be able to access the target machine without an authentication.
---------------------------------------------------------------
It would seem many facts have been missing from the case of PDM's deleted site. A lot of information was not shared with the masses. Many questions would have been raised if it had.
The finger of blame was firmly pointed at PDM Head Lostmonk for the deletion of PDM's hosting site, this much is known by us all. But there are some questions that have yet to be asked.
From the moment the culprit was revealed as Lostmonk I questioned what his motive was, there was absolutely no sense in it being him. I am not overly friendly with Lostmonk, however he is a person that I believe has integrity, he has been the first in line to criticize bad decisions other people have made (myself included) and genuinely seems to have a grasp of right and wrong. I'd say he has largely been an upstanding member of the community.
But the finger was pointed at him and many seemed happy to accept that he had done the crime. Certain details were missed out though...
On the Boxcar logs at the time of the PDM site being deleted, Lostmonk's account was accessed by 2 different IPs.
lostmonkpdm 68.xx.xxx.xx Sep 24, 2012 6:48 AM 1
lostmonkpdm 204.45.xxx.xx Sep 24, 2012 6:48 AM 0
lostmonkpdm 204.45.xxx.xx Sep 24, 2012 6:48 AM 0
lostmonkpdm 204.45.xxx.xx Sep 24, 2012 6:48 AM 1
lostmonkpdm 68.xx.xxx.xx Sep 24, 2012 6:37 AM 1
68.xx.xxx.xx does indeed belong to lostmonk, 204.45.xxx.xx however is an IP frequently used by IvanWAR and alley (his wife). What possible explanation is there for a SoF Head (at that time) accessing a PDM Head's account? I don't know.
(20:45:40) (pang) it's ivan's ip
(20:45:41) (pang) lol
(20:45:48) (pang) 204.45.xxx.xx
(20:45:48) (pang) lol
(20:45:56) (pang) him + alley have logged in from it a lot apparently?
Furthermore, pang discovered this himself, yet there was no mention of it during his post outing Lostmonk. Why is that, pang?
Lostmonk pleaded his innocence, claiming he was not even online for 2 days, but it seems his pleading was ignored. Would it technically be possible for Lostmonk to pretend to be Ivan through the use of IPs? According to what I have just read about IP spoofing, yes. Would it be technically possible for Ivan to pretend to be Lostmonk through the use of IPs? Again, yes.
Now I am not claiming Ivan is some sort of hacking mastermind, however he has had the benefit of having Hanlong to talk to in SoF recently, and I think at least a handful of people have had the suspicion of SoF DDOSing the game at times when they have been FS'ed in the past, so it's possible that there are more technically minded people among the idiots of SoF.
Pang; Why was this seemingly brushed under the carpet? A desire to avoid another full blown cheating scandal?
Maybe Lostmonk is guilty. Maybe he has tried to set up Ivan. I personally believe not. I think it is in the interest of the game to have another witch hunt. There's something shady going on!
CLIFFNOTES
Lostmonk deleted PDM's boxcar site?
Ivan's IP flags up as accessing Lostmonk's Boxcar account at time of the deletion
Pang says nothing
Edited By: BattleKJ on Oct 20th 2012, 19:40:51