22 replies to this topic

[ScriptBlue]

Last night I was having fun tricking this one guy's buddy list into thinking that everyone was offline, and I was forging all the packets with the AIM server's IP and MAC address. Then when I tried to log on legit, it said server error, it says that from all of my computers! I've tried to direct connect my comp to my high speed modem but nothing works, everything else is ok. Even when I tried to ping the damn server it says Request timed out. I can't get my IP renewed because RoadRunner just refreshed it for the last time last month after my website got DOSed. Please help. I need to get back on AIM. Sometimes thou, I can get on for a sec, then it says server error. :evil:

[Elyubarov]

Well tell this works with optimum online, not sure about road runner. Call them up and say my internet isn't working, when they guide you through all this stuff keep saying it doesnt work then theyll reset the modem(hopefully), and that will reset your ip.

[ScriptBlue]

that doesn't do anything for RR, the DHCP server gives you a lease for the IP for 99 years

[Elyubarov]

yeah but they reset the dhcp server

[Frightcrawler]

Yeah, you probably got IP banned. Somehow, I don't think AIM likes people forging AIM servers.

Assuming that you use Windows XP (don't turn this into a Linux thread!), this might work

[ScriptBlue]

yes, every 99 years, RR is the best example of a static IP DHCP server
this is crazy, it's DHCP yet it doesn't refresh, only every 99 years or so.

thk you nightcrawler, i'm behind a freaken' router that'll only give my computer a new IP not the modem

nvm, i'm calling RR rite now, i'm going to tell them that nothing works, and that some guy was telling me he was going to get my ID number :wink:

[Frightcrawler]

Nice story. :wink:
Just pretend to be uninformed, like most consumers are.
Just hope they don't say something like "faulty modem, send it back to us," or something to that extent.

[ScriptBlue]

no way, i'm not sending it back, no way! that'll be like 2-5 days w/o an internet connection!

[Retina]

Or they'd come out to your house and replace it on the spot, like they did for me... same IP, of course.

[Josh]

Well, you should get yourself an ICQ number to contact AIM people until this is fixed.

Also, if you access your router's IP, you should be able to release your IP and renew it.

[Wizard]

So explain to me how aim servers knew you were doing this if you forged your ip address?

Looks like you tricked your isp into thinking that aol servers (that ip) is you. Which is dumb. And if that happened you wouldn't have any effect on your buddy.

How exactly did you spoof those packets?

Any self respecting router won't forward packets from ips that aren't on your network either.

Were you on the guys lan? same subnet maybe?

Both have RR?

Hrm..

This perplexes me a lot.

-Francis

[ScriptBlue]

Quote

So explain to me how aim servers knew you were doing this if you forged your ip address?

this is what happened, i had a packet sniffer on and realized that when some1 signs off the AIM server sends you a packet that gives the person's sn. then AIM client reads it and removes that person from you online buddy list. i got a hold of that packet and forged it, i made the source IP that of the AIM servers, and the destinatio IP and MAC address that of the guy's. then i stated filling in sn that have signed off, i know who he has on his buddy list coz he asked me to back up his comp a while ago. so i simply staeted copying and pasting all those names into the packets. however i just realized that your computer sends a sort of a live-conformation packet. since the packet was forged, the AIM server didn't know what was going on. however my MAC address was still attached to the packet! and i guess that the AIM server got found out it was me so last night i called RR and i started saying the stupidest things "this guy said he was going to get into my computer, and said that he knew my ID address :roll: and he said he was going to uber hack me! :roll: " they of course gave me a new IP, coz i have been a target of previous DOS attacks and Win Nukes in the past (none of them got thru, however my internet was slow and RR called home, and said i was a victim of an online attack) then just to make sure that AIM wouldn't identify me again, i changed my NIC card, and now i'm back online
i beat the system!

PS i have a linksys WRT54G router, however my router doesn't have the DHCP server enabled, so it doesn't doesn't know which IP exists or doesn't exist on the network, coz you can forge the handshake. so instead of the usual 6 comps there were 7 comps on my lan...



BTW this reminds me, does anyone want to know how they can forge e-mails using telnet :idea:

[Wizard]

Or forge emails using any mail client? :-p

I got in trouble (twice) for doing that to Mr. Poleshuck. I didn't even get caught they just assumed it was me. And a year later when I was in college the Principal's email supposively got hacked and my name came up. It was cleared almost immediately (I did have friends in the administration and was known as a good guy. Mr. Poleshuck even backed me up.)

Anyway, the mac address gets changed on each hop your packet hops to. (gets replaced by the routers mac) in fact when you computer sends a packet to an ip it requests the ip of the sender and the router will answer with it's mac so it can pick up the packet and route it.

So you probably can't find out the aol server's mac address. Just your routers. But that didn't hurt you it just got the packet to the router.

Why your router would route and ip from an outside ip address is beyond me, bad configuration if you ask me.

[ScriptBlue]

it's not from an ouside IP... it doesn't know, dhcp isn't enabled so i have to configure each computers IP, DNS, and gateway separately... therefore the router thought it was just another computer on the network (after i did the shakehand thingy) your mac does not change otherwise the packet would be routed (the check sum would be equal to the rest of the packet!)

[Wizard]

So your were on the same network as your friend?

And yes the destination mac does change between hops. It gets set to the next hops (router) mac. Switches wouldn't forward your packets to the right port, and the router would ignore it even if it did see it. The checksum only checks the data I believe but I honestly don't remember that verbatim. Most likely its recalculated with the new mac.

When you request the mac of an ip outside your network you machine literally sends out a broadcast "Who has the mac of X.X.X.X?" and if no one responds the packet is unroutable (no root to host). With a gateway set any packet sent to an ip that's not on your subnet will get sent with the mac of the router, the router then routes (with home router's its usually to its gateway owned by your isp) and the ip stays the same (after all it's what your trying to reach) and the mac is sent to the next router that knows about that network, and then sent down the line.

This has nothing to do with dhcp or static addresses. Your router doesn't deal with traffic destined to your local network (your actually hooked into a switch that's connected to the router).

[ScriptBlue]

we are 2 hops away, 1 hop comes from my home network

[Wizard]

Run a traceroute for me?

[ShadOh]

I say unplugg the modem adn plug it or write a sappy letter to Aim

[z2z007]

That would not help one bit.

[ScriptBlue]

Quote

Run a traceroute for me?

ok....