From: Vivek P (iamherevivek@gmail.com)
Date: Sun Sep 16 2007 - 02:21:15 EDT
hi DotZero,
I appretiate your concern
I would make it clear that what is the reason for me to write this
entry on sec-basics & pen test.
> Is there a particular reason you are trying to hide your IP address?
> This might aid others in formulating response to your question (or
> deciding not to answer).
I am working with a research Team out of IIT Delhi, the best
educational & research center in India, we were having some debate
this week were we were asked to break the security infrastructure of
our intranet! We have found out that the rules are written based on
the ip classes! & the admin classes are given full access! but the
problem is that the admins connect to internet over a different
internet backbone than ours. So we need the IP adress of a machine to
be spoofed permenantly as the admin's ip adress!
> So the pentest is only FTP, HTTP and "regular communications"?
> Why permanently?
pentest is basically to desribe that i will be conduction network
exploration & default pwd enumeration where ever required.
I would use the hidden Ip adress to do FTP & other access so that
there is no problem in the logs when they are analysed!
> Looking forward to your response. I can think of approaches that would
> fulfill your description. Some are legal, some might be termed "grey"
> and others would be flat out illegal in many/most jurisdictions. I
> apologize for sounding cynical but what you have posted so far does
> not incline me to post approaches to help something that sounds a bit
> iffy.
I really appretiate the concern, I would assure you that it is
strictly for an academic view point!
we are nt testing it on a real world scenario!
It is just to make some new n/w rules! and assure that the basics are correct!
Just to test the architecture & the technologies that run it...
thank you...
Expecting some clarity of hw can i go abt it...
-------------------------------------------
Vivek P Nair
Vice President Technology
Appin Group Of Companies
Appin Security Group
Module III TBIU
IIT DELHI
Hauz Khaus
New delhi
India
www.appinlabs.com
vivek.p@appinlabs.com
+919910924675
We explore... and you call us criminals.
We seek after knowledge... and you call us criminals.
We exist without skin color, without nationality, without religious
bias... and you call us criminals.
You build atomic bombs, you wage wars, you murder, cheat, and lie to
us and try to make us believe it's for our own good, yet we're the
criminals.
Yes, I am a criminal. My crime is that of curiosity.
My crime is that of judging people by what they say and think, not
what they look like.
I am a hacker, and this is my manifesto.
You may stop this individual, but you can't stop us all!
On 9/15/07, Dotzero <dotzero@gmail.com> wrote:
> On 9/13/07, Vivek P <iamherevivek@gmail.com> wrote:
> > hi
> > thanks for the quick reply
> >
> > my goal is to hide my ip adress, the n/w packets will be pentest
> > related & general stuff!
> >
>
> Is there a particular reason you are trying to hide your IP address?
> This might aid others in formulating response to your question (or
> deciding not to answer).
>
> > there is no torrent, but FTP, HTTP & regular communications will take
> > place from the setup!
> >
>
> So the pentest is only FTP, HTTP and "regular communications"?
>
> > I am looking for a solution with which i can permanently show a
> > different IP adress! (not actual)
> >
>
> Why permanently?
>
> Looking forward to your response. I can think of approaches that would
> fulfill your description. Some are legal, some might be termed "grey"
> and others would be flat out illegal in many/most jurisdictions. I
> apologize for sounding cynical but what you have posted so far does
> not incline me to post approaches to help something that sounds a bit
> iffy.
>
> dotzero
>
-- ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:07 EDT