Questions tagged [spoofing]

Spoofing is the act of a person or program impersonating another.

Spoofing can be used to gain an illegitimate advantage by masquerading as a legitimate party. Some common forms of spoofing are:

  1. IP Spoofing: Specially crafted TCP/IP packets with a forged source IP address. It can be used to perform a DoS attack by sending such packets to an "open" NTP/DNS server.
  2. ARP Spoofing: Specially crafted ARP reply messages with a forged MAC address. It can be used to perform a MITM attack.
  3. Email Spoofing: Specially crafted email with a forged sender address and/or forged email headers. It can be used to perform phishing or spamming.

Other spoofing activities include HTTP header spoofing, caller ID spoofing, GPS spoofing and others.

125 questions
1 vote, 1 answer

Preventing Email Spoofing

I use Google Apps with my domain. Recently, we have begun to receive spam that gets past Google's spam filters. They are from our own email addresses. I am wondering how to prevent this kind of email spoofing. We use an SPF record with the "~all"…
Donald T
1 vote, 1 answer

Duplicate traffic while spoofing an interface

To sum up my issue, I have a Linux router that has 3 network interfaces: a wlan interface acting as a DHCP server, upon which I manage the device, not in the scope of this question; a lan interface, which is linked to the eth0 device (ethernet…
Joy
1 vote, 2 answers

How to block spoofed mail from *.host.com

I'm currently running a CentOS server with DirectAdmin and CustomBuild. I keep getting spoofed phishing mails with spoofed from addresses that have SPF set up properly. SpamAssassin gives it a score of 1.8, probably because the mail seems legit and other…
user3411864
1 vote, 2 answers

Possibilities to protect network traffic in datacenter without adding much latency

I am looking for possibilities (and their pros and cons) for protecting network traffic of the components of a time-critical application in a data center. The aim is minimizing the damage an attacker can cause if he manages to compromise a VM. It…
Hauke Laging
1 vote, 1 answer

First step to combat display name spoofing on Postfix

Lately we receive a lot of display name spoofed emails in our company, impersonating customers and suppliers. Since my co-workers unfortunately do not pay too much attention to security warnings, etc., I could not rely on them being aware of the…
0 votes, 2 answers

What is the point of a bot spoofing various ancient user agents while "GET / HTTP/1.1"?

I found the following interesting traffic in my Apache log: 213.159.213.236 - - [16/Dec/2019:03:02:03 -0500] "GET / HTTP/1.1" 200 3797 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FSL 7.0.7.01001)" 213.159.213.236 - -…
Logg
0 votes, 1 answer

How to use my router's MAC address on pfSense installed on ESXi

My ISP binds my router's MAC address so only this router can connect to their PPPoE server. Now I want to connect it on pfSense installed on ESXi for better configuration options, but the PPPoE server is not connecting on pfSense, probably because of MAC…
Uzair Ali
0 votes, 0 answers

Outlook Inbox after spoofing attack is empty. Incoming mails not coming through in Inbox

Supposedly, a spoofing mail was sent to an internal and hundreds of external people from our user's account last Wednesday. Since Friday afternoon, her Outlook Inbox is shown empty and she is not able to receive incoming mails since then. Outgoing…
0 votes, 0 answers

Many requests over port 445 on Ubuntu VPS, what could it mean?

I own a small VPS hosted by Hetzner on which I run a small Minecraft game server. The VPS is running on Ubuntu, and the only software I installed is Java JRE and the required software to run a Minecraft game server (+ additional plugins). I ran a…
0 votes, 0 answers

Is there a way to reserve a TCP port for an executable on a Linux server?

I am designing a security policy for a server program on Linux. I wish to reserve a TCP port number, say 8888, to and only to that executable of the program to listen on. Then I could turn the program files as r-x in nosudo user and allow only the…
George Y
0 votes, 1 answer

Firewall block all but one IP spoofing

We have a server which accepts traffic coming from a few sources (IP addresses) and accepts it (using firewalld). All other inbound traffic is blocked. How likely is the risk that somebody successfully gets through the firewall by spoofing one of…
0 votes, 2 answers

Redirect purely LAN communication to a different interface and port (Linux)

I have the following situation: One interface (device) identified by an IP address of 192.168.1.x (I1) that's connecting through whatever service to another interface with IP 192.168.1.y (I2) to port (P2) on the same LAN. Now I want to redirect all…
0 votes, 1 answer

Fatal error in master.cf when restarting Postfix

I followed a guide to prevent spoofed emails on my mail server. First, I installed postfix-policyd-spf-perl: apt-get install postfix-policyd-spf-perl. Second, I added these lines to the smtpd_recipient_restrictions in main.cf: check_policy_service…
0 votes, 2 answers

Change the domain in the 'via' that Gmail shows as the result of a wrong SPF record

So I have a small Linux webserver, it is running the Direct Admin control panel and everything is working fine. For each domain, SPF and DKIM records are present in the DNS and mail is (as far as I know) never flagged as spam, perfect. Now I have a…
Neograph734
0 votes, 0 answers

Exchange 2013 - Prevent spam emails from outside but with my internal domain name

My apologies if this question was asked and answered previously. We have an Exchange 2013 email server. We have been seeing that some of the emails are coming from outside but using our own domain name, which should not be. Any email coming from outside…
arifr