homepage Welcome to WebmasterWorld Guest from 54.237.184.242
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
uni directional IP spoofing
littleman




msg:358867
 9:28 pm on Nov 24, 2000 (gmt 0)

OK, I got a question for you Air, and Brett or anyone else who may know the answer. Isn't it very possible to do a one way communication using a bogus IP address? I mean cant you broadcast out that you are one IP when you are in fact another, but you will never receive the reply? From what I know it looks like this is possible, useless for doing any detective work, but possible. Is it in fact illegal? What laws are you breaking? Unlike bi-directional IP spoofing this wouldn't require cracking into the routing networks.

Thoughts please.

 

Brett_Tabke




msg:358868
 3:07 am on Nov 25, 2000 (gmt 0)

Afaik, it is not specifically illegal. Yes, ip spoofing is one way. Often hackers will setup relays, where a packet is constructed with a real return ip address, but that real address is also compromised box. Spoofing is usually used for simple DOS attacks where the target machine is flooded with requests - most modern routers can control the number of requests per second if properly setup. In the famous Yahoo/MSN attacks, the routers were not setup correctly to ignore multiple requests.

Air




msg:358869
 4:42 am on Nov 25, 2000 (gmt 0)

Yes it is possible, but as you said not much you can do with it, other than being annoying. Illegal? It is hard to say, I don't think the act of impersonating an IP is illegal, it is the means used to do it, or what you do with it that often gets you in trouble. You need to have control over some of the network devices besides your machine, otherwise if you simply try to use another network's IP address as your own you won't come up, or get out of your own network if you do.

The usual method for IP spoofing without control of routers/gateways and possibly DNS, is to use another machine in a network you've cracked, usually, as Brett said, it involves using multiple machines from multiple networks to cover your tracks. Even this can be thought of as spoofing the IP one way, because almost always a different IP is used to retrieve the results.

Napoleon




msg:358870
 2:24 pm on Nov 26, 2000 (gmt 0)

>> Yes it is possible, but as you said not much you can do with it, other than being annoying. <<

How about a script to repeatedly open the top entry on Goto, with a different IP address each time? Blows a bit of a hole in PPC if it works... how do they prove it's a spam, and in particular, which IP address's are spam?

Obviously, as an Emperor, I am not suggesting any such a course of action, but in theory, could it work?

The question that also arises is.. is THIS illegal?

2_much




msg:358871
 8:15 pm on Nov 26, 2000 (gmt 0)

Napoloeon, that's precisely why I don't think this PPC model is going to last. True, not many people have the skills to write up such a program, but just from looking at other programs that people have come up with, I'm sure it's possible. This probably won't be an issue with categories that are not very competitive. However, with competitive categories such as travel, real estate, and casinos, my guess is that it will occurr...so let's say you're paying 70 cents to be number 1...someone uses this software on you...and within 3 days you're out of the top spot and with NO conversions! AND out hundreds of dollars!
So people wanting top 5 listings will have to deal with repeated clickings from competitors...AND software programs that click on the site repeatedly with different IP's!
It's not gonna be pretty...

littleman




msg:358872
 9:16 pm on Nov 26, 2000 (gmt 0)

Such a program could very easily be thrown together using proxies. I do not (as of yet) know how to spoof an IP, but I could have whipped together a program using proxies six months after playing with
perl. If the proxy bank was big enough it would be almost impossible to screen against. That is the major hole in the ppc model, I am very surprised it doesn't get more attention.

One thing that I could see goto doing to prevent IP spoofing would be to require cookies to charge fore a click. I don't think that is happening now. That would be by a well thought out script that takes advantage of proxies.

Perhaps the thing that has prevented this from happening is an 'uneasy truce' among those who are in this game. Such activity would quickly lead to fortunes being lost.

2_much




msg:358873
 9:11 am on Nov 27, 2000 (gmt 0)

"an 'uneasy truce' among those who are in this game"...

Very true Littleman..but, how long can this last? I'm young but something I've learned is that people are primarily looking out for their own wellfare...
Let's take John Doe for example...he has many casino sites and that's how he earns a living...Xmas is here and he has 3 young children...he is a great programmer and has mastered perl...John Doe needs a lot of money to buy playstations and scooters for his kids, clothes and gifts for his wife, etc...If John Doe has the ability to write up such a program, personally, I don't think John Doe is going to hesitate that much...what can he do, he needs more money and being #1 on AOL, AV, and Hotbot will do it for him...
Again, I'm being very pessimistic here...but, just like Littleman, I'm just amazed that this issue isn't being properly addressed and GoTo hasn't installed other "security" measures...
I'm hoping either this will happen or that this model will "implode" so that another, more reliable model is established.

Napoleon




msg:358874
 9:17 am on Nov 27, 2000 (gmt 0)

> One thing that I could see goto doing to prevent IP spoofing would be to require cookies to charge fore a click <

Not being an expert in this area, the next question that comes to mind is why shouldn't the 'clicking program/script' also delete all cookies prior to each change of IP address. This sounds simple... maybe it isn't as straightforward as it appears.

I still don't understand why this scenario has not yet materialised, assuming that it is indeed as achievable as it seems. Maybe it just needs the hacking/etc newsgroups and boards to become aware of the possibility (which they are bound to in time).

In the meantime... a bit of a dilemma... whether to invest in something that may be blown apart at any stage. That is, of course, apart from the dilemma of whether to invest in something that many people think is bad news for the net in general and SEOs in particular.

han solo




msg:358875
 2:32 pm on Nov 27, 2000 (gmt 0)

This discussion has taken an interesting turn, and I like the thoughts being thrown around here.

Why don't the pay per clicks protect against something like this? I don't know that I would have the malice to do something like this, (unless I was absolutely sure I was doing it in direct, verifiable retaliation) (which I don't see happening ;) )but who's to say some other people wouldn't hesitate?

I've heard some clients before say that seo firm such and such bad mouthed another, which to me was kind of sad. Why bother doing that, it only leaves a bad taste in peoples mouthes? Same thing here, if you sink to the next low level, what's to prevent the guy you just hijacked from doing you one worse?

Although, I think the direction that Little started on, if I may presume to be on the right track, is getting the optimized stuff out of somebody's system which does ip verification...is that right? If that is the angle you started this with, bravo...I've been contemplating doing that for months...but I don't have the programming savvy to pull it off...as a matter of routine, I like to learn from my peers, by getting at as much of their code, templates, link strategy, etc. that I can.

And I honestly don't see a problem with that. I mean, we all share here, and if you are listed in the engines, eventually, somebody will get your code. I'm not malicous about it, I don't straight dupe competitor's work...I achieve good results as is. It's just nice sometimes to see other's approach, and that might inspire me to do something new...:)

Han Solo

Napoleon




msg:358876
 6:06 pm on Nov 27, 2000 (gmt 0)

>> Why don't the pay per clicks protect against something like this? <<

I don't see what they could do. A clever script using different IP addresses, bulk attacking several (or more) different sites with different search words and deleting and cookies left around... I don't see how they could differentiate between this and 'legitimate' activity.

I also don't think that the 'malice' you refer to is against other SEOs... surely the target is most likely to be 'big business'... the concept that the deepest pocket will always win (as ultimately it will if PPC dominates!!!).

This is also why I think it is inevitable that the PPCs will be attacked in this way... because many of the guys who hack seem to be driven by this sentiment.

I am not encouraging this of course, but it seems to me to be how it is. Time will tell.

Finally... I've just spotted your surname MR Solo... to clear up doubt, I am Napoleon Bonapart, not Napoleon Solo (from 'Man from Uncle')! If you have no idea what I am talking about, don't worry about it (it just means I am older than you!).

tedster




msg:358877
 7:50 pm on Nov 27, 2000 (gmt 0)

GoTo has some kind of pro-active filter in place to guard against competitive clicking. I have heard from several people about refunds to their account which were made without any complaint being lodged. I would imagine their method is IP based, but who knows.

I'm hoping they also already have an answer to this potential problem, and are, very naturally, not showing their hand. Seems to me they could establish a baseline for any keyword and then set some kind of "click frequency" alarm to trigger a human look at what was going on in the click traffic. Am I just being a pollyanna here?

han solo




msg:358878
 8:35 pm on Nov 27, 2000 (gmt 0)

That seems pretty reasonable, Tedster...a baseline for clickthroughs...but what happens when somebody runs an ad on some prime time show for "widgets", then suddenly everybody is searching for them, because you know they will run out in time for christmas, and all the kiddies have to have them...

And looking at the logs I've seen about traffic, one day to the next there can be sizeable fluctuation...

I guess they could filter out things we've been discussing, multiple ip's through on one account, or multiple accounts listed for the same keyword, without cookies, and then try tracking the surfer/(s) who were "abusing" the system.

I have to agree with Napoleon, and the bulk of the people here, I think their system could be easily debunked by somebody creative, and malicious. BTW, I have no idea who Napoleon Solo is, I recall a post mentioning it before, but though I'm old enough to have grey hair, I'm not familiar with what you mean...must've been before me.

Cheers,
Han Solo

DaveAtIFG




msg:358879
 9:20 pm on Nov 27, 2000 (gmt 0)

I have a client buying GoTo traffic and has already encountered competitors clicking his ad costs through the roof. GoTo provides a click log if a cutomer insists on seeing it. My guy sorted through it, found blatent and obvious abuse, and went back to GoTo saying "Hey lookie here!!" Goto credited him with the clicks. But as of two weeks ago, there was nothing in place to prevent a repeat. A few spoofed IPs will bring the whole works crashing down... GoTo makes money every click, they have no motivation to fix it until word gets out and business erodes...

littleman




msg:358880
 10:25 pm on Nov 27, 2000 (gmt 0)

>Although, I think the direction that Little started on, if I may presume to be on the right track, is getting the optimized stuff out of somebody's system which does ip verification...is that right?

No, that isn't what had in mind. Not that I wouldn't if it were possible, but one way spoofing could not do that. I actually am interested in this for something completely different - not related to any of the above topics. I do every legal thing I can to crack other people's cloaks, and have cracked quite a few. But, you can't crack a cloak with a one direction spoof.

>Not being an expert in this area, the next question that comes to mind is why shouldn't the 'clicking program/script'
also delete all cookies prior to each change of IP address. This sounds simple... maybe it isn't as straightforward as itappears.

It's a little more complicated. If you are IP spoofing you can't accept and hand off a cookie, because the communication is one way. This isn't the case when you rotate public IPs however. If someone rotated IPs and user agents and flushed cookies on every request it would be nearly impossible to detect. There are several screens that could be done, say like verifying the visitor with an image call - but that can be overcome too. If someone was slick there would be no way of knowing.

Please don't think I am advocating such a thing.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved