MAC spoofing security

Posted in QnA Arena on Aug 18, 2009 at 20:22 IST (12 months ago).
Tagged lan, security

tavish
Rank: 60
Hi,
I want to know if some websites would be using just your public IP to authenticate your account. For example, with Google accounts, would someone be able to access my account just by spoofing my local IP and MAC (someone on my LAN)?
I am not much aware about the techniques used by websites to authenticate users, but does doing 'remember me on this computer' use a long-lasting cookie or your IP? I am wondering about this because recently my friends on my friends list in GTalk would tell me that I have been signed in all day long. I was able to change my password and everything all right and my recent account activity was from probably my IP (I have dynamic IP).
Posted by tavish on Tuesday, August 18, 2009, 8:22 pm

sureshcc
Rank: 9
No, Google has implemented it (remember me) in a highly secure way. When you sign in with the checkbox ticked on, Google stores a unique hash in your browser cookie set. The hash is a combination of your user name and password, but since it's a hash, no one can find out the original keys which resulted in the hash. I.e., there's no way to reverse the hash.

Now every time you get to one of Google's web pages, it checks for this cookie and verifies it to be matching on the server side. If it matches, you're signed in automatically.

Now to the spoofing part, if you spoof your IP and MAC (which is easier said than done, believe me), he still doesn't have the cookie or the session active at his end. However, when I think again, it is remotely possible (read as almost impossible unless you have a real good hacker in your local network) to watch your conversation with the server for a long time, get hold of your cookies and then do a man-in-the-middle attack.

Easiest way for you is to secure your communication via SSL. Turn it on in the preferences of Gmail, and that's it. No more man in the middle attack and nothing can be done by spoofing IP.
Thankful users: tavish
Posted by sureshcc on Tuesday, August 18, 2009, 9:28 pm
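As an added illustration of the cookie mechanism discussed in the answer above (not part of the original thread, and not Google's implementation): a remember-me cookie modelled as a random bearer token, a common design assumed here. The cookie name `remember_me`, the in-memory `_TOKENS` store and the function names are hypothetical, and the IP addresses in the usage are constructed documentation addresses.

```python
import hashlib
import secrets
from http.cookies import SimpleCookie

# Hypothetical server-side store: sha256(token) -> user name.
# Only the digest is kept, so a leaked table does not yield usable cookies.
_TOKENS = {}

def issue_remember_me(user):
    """Create a random bearer token and return the Set-Cookie header value."""
    token = secrets.token_urlsafe(32)           # random, not derived from the password
    _TOKENS[hashlib.sha256(token.encode()).hexdigest()] = user
    cookie = SimpleCookie()
    cookie["remember_me"] = token               # cookie name is an assumption
    cookie["remember_me"]["secure"] = True      # browser sends it over HTTPS only
    cookie["remember_me"]["httponly"] = True    # not readable from page scripts
    cookie["remember_me"]["max-age"] = 14 * 24 * 3600
    cookie["remember_me"]["path"] = "/"
    return cookie["remember_me"].OutputString()

def user_for_cookie(cookie_header, client_ip):
    """Resolve a Cookie header to a user name, or None.

    client_ip is deliberately ignored: the token alone authenticates, so a
    spoofed IP or MAC without the cookie gets nothing, while a cookie copied
    off an unencrypted connection works from any address.
    """
    jar = SimpleCookie()
    jar.load(cookie_header)
    if "remember_me" not in jar:
        return None
    digest = hashlib.sha256(jar["remember_me"].value.encode()).hexdigest()
    return _TOKENS.get(digest)

def revoke_all(user):
    """Drop every remembered token for a user, e.g. after a password change."""
    for digest in [d for d, u in _TOKENS.items() if u == user]:
        del _TOKENS[digest]

if __name__ == "__main__":
    header = issue_remember_me("tavish")
    pair = header.split(";")[0]                  # "remember_me=<token>"
    print(header)
    print(user_for_cookie(pair, "203.0.113.7"))  # same token, any address
    print(user_for_cookie("remember_me=guess", "203.0.113.7"))
```

The `Secure` attribute is what ties this to the SSL advice: without it the token also travels on plain HTTP requests, where someone on the same LAN can read it.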

sureshcc
Rank: 9

Oh, I just forgot to answer the second part of your question. The reason you are being shown as signed in is because of two things:

  1. GTalk allows you to be signed in from different places at the same time. So if your IP changes in between, the signout command doesn't reach the GTalk server, and it assumes you're still logged in and idle at that IP, until it times out (which is a high timeout) and declares you as signed off.
  2. Sometimes when you don't sign off and just quit the program or pull the network plug, the same thing happens. The signout command doesn't reach there. As per your last communication with the server, you were signed in. Now until it reaches the timeout limit when it finally figures out that you are indeed dead and not idle, it signs you off.

Thankful users: robert
Posted by sureshcc on Tuesday, August 18, 2009, 9:32 pm

robert
Rank: 15

Hey tavish, I faced this same prob once and at first I thought my acc has been hacked!!

Thanks a ton for the detailed explanation, suresh.

Posted by robert on Wednesday, September 16, 2009, 2:28 pm