by tzs 3561 days ago
> 3. Spoof the IP address of a ton of high profile people - hopefully executives at the kinds of places that sue for this crap.

> 4. Download that copyrighted content with the spoofed IPs, and make sure it's "Monitored" by one of the companies that monitor this junk

How do you download using a spoofed IP address? Won't the three-way handshake to open a TCP connection with the server go awry because the server's SYN/ACK response to your SYN will go to the machine that really has the IP address you are spoofing? The server will then expect an ACK for that packet, and that ACK will have to give the sequence number that was in the server's SYN/ACK.

Since you won't have seen the server's SYN/ACK, you won't know the sequence number. If you can guess it, you could send a spoofed ACK to make the server happy, and the server should then start sending data packets. You'll have to send ACKs for them, but I suppose that could be done blindly.

So the question is, it seems, how do you guess the sequence number? It's 32 bits, and I believe most modern TCP implementations choose the initial sequence number for a connection, so a blind guess seems a bit impractical.
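
A toy model of the server side of the handshake described in the comment above, added here as an example (not part of the original thread), showing why the server only completes the connection for a sender who actually received the SYN/ACK. It assumes an RFC 6528 style initial sequence number, ISN = M + F(4-tuple, secret), with HMAC-SHA256 standing in for F; the class and function names and the addresses are constructed for illustration.

```python
import hashlib, hmac, os, time

MOD = 2**32

class ToyServer:
    """Server side of the three-way handshake only (no data, no retransmits)."""

    def __init__(self, ip="198.51.100.10", port=6881):  # constructed address
        self.ip, self.port = ip, port
        self.secret = os.urandom(16)   # per-boot secret key
        self.half_open = {}            # (src_ip, src_port) -> server ISN
        self.established = set()

    def _isn(self, src_ip, src_port):
        # RFC 6528 style ISN = M + F(4-tuple, secret); M ticks every 4 microseconds.
        # HMAC-SHA256 stands in for F here (an assumption of this example).
        m = int(time.monotonic() * 250_000)
        four_tuple = f"{self.ip}:{self.port}|{src_ip}:{src_port}".encode()
        digest = hmac.new(self.secret, four_tuple, hashlib.sha256).digest()
        return (m + int.from_bytes(digest[:4], "big")) % MOD

    def on_syn(self, src_ip, src_port):
        """Record a half-open connection; return the SYN/ACK, addressed to src_ip."""
        isn = self._isn(src_ip, src_port)
        self.half_open[(src_ip, src_port)] = isn
        return {"to": src_ip, "seq": isn}

    def on_ack(self, src_ip, src_port, ack):
        """Complete the handshake only if ack equals the server ISN + 1."""
        isn = self.half_open.get((src_ip, src_port))
        if isn is None or ack != (isn + 1) % MOD:
            return False               # a real stack would answer with a RST
        del self.half_open[(src_ip, src_port)]
        self.established.add((src_ip, src_port))
        return True

def honest_handshake(server, ip, port):
    """The client owns `ip`, so the SYN/ACK reaches it and it can echo seq + 1."""
    synack = server.on_syn(ip, port)
    return server.on_ack(ip, port, (synack["seq"] + 1) % MOD)

def blind_handshake(server, claimed_ip, port, guesses):
    """The SYN/ACK goes to the real owner of claimed_ip, so the sender must guess."""
    server.on_syn(claimed_ip, port)    # return value deliberately discarded
    return any(server.on_ack(claimed_ip, port, g) for g in guesses)
```

The model leaves out one further obstacle: the real owner of the claimed address receives an unexpected SYN/ACK and normally answers it with a RST, which tears down the half-open connection.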


Don't know much about torrent technology, but it seems you can download torrents over UDP. Not sure how convincing you can be, though, like, can you pretend to be seeding from that address?

Likely a more successful course of action would be to spearphish the targets and compromise one of their machines, so you can actually download the content as them. You might as well even plant child porn or whatever on their computers, while you're at it. In for a penny in for a pound I suppose.

You can do that, but not even the EFF is saying that the uncertainty of your machine being compromised by a targeted attacker should prevent LEOs from being able to obtain a search warrant for it.

Give a close read to their recommendations, and then map them back to the scenario you propose.