Does an attacker need to guess or brute-force a password for TCP spoofing?

From my understanding, TCP spoofing can be carried out if the attacker can correctly guess the sequence numbers from the response packets (to mimic the real client). The attacker may even obtain this sequence of numbers via sniffing. Furthermore, a trusted connection must already exist between the target client and the server in order for the attacker to intercept/spoof

However, I was a bit unclear as to whether the attacker would need to gain initial access to the system or network (by guessing or brute-forcing their password). In order to send the sequence numbers from response packets to the server, does the attacker need to have access to it? I am not sure whether this attacker can just send the SYN packets to the server without any access to the system/network. My concept of these things is a bit blurry right now and I would greatly appreciate some advice.

Thank you!

iptables – Attacker using “single use IPs” to generate large volumes of robotic traffic that is hard to block

Currently there is some wierd traffic on a HTTP server from lots of different IPs. I tried checking against known TOR exit nodes, but there were no matches.

They tend to be from countries in South America and Africa. However, none of the IPs are the same. So I’m not sure how the attacker is able to use so many different IPs, each IP only one time.

Does anyone know how an attacker might be able to get “single use IPs”? Perhaps they are from some sort of rented botnet? If so, is there an easy way I can check these IPs against a list of known threat IPs?

Any help would be greatly appreciated.

dnd 5e – When the Shield of Missile Attraction changes the target of an attack, does the attacker have to make a new attack roll?

As you suspect, the curse of the Shield of Missile Attraction only changes the target, so only one attack roll is made by the attacker.

Whenever a ranged weapon attack is made against a target within 10 feet of you, the curse causes you to become the target instead.

The attack has already been made, and the 16 is now against Thurin’s AC, which in your example would case it to miss. From the rules on combat (PHB, page 194):

If there’s ever any question whether something you’re doing counts as an attack, the rule is simple: if you’re making an attack roll, you’re making an attack.

Reverse shell from backdoor – exposing attacker? [duplicate]

If an attacker successfully installed a backdoor that connects to his computer via a reverse shell, how can the attacker hide his IP address?

I’d guess he can’t use Tor or a VPN, because packet forwarding would be quite impossible (is that correct?). Maybe he can use a different bought or hacked server as a proxy? How would he achieve that?

How can the attacker stay anonymous?

network – What happens when attacker scan a IP that is used by multiple devices?

Assuming ISP gives only 1 external IP and you have few devices that use this IP. So you will have a router and few PC’s with same external IP and different local IP. When all PC’s are online and one of them are vulnerable to EternalBlue, Bluekeep or something else. When attacker scans external IP. Will he see that IP is vulnerable even in case if only one PC is vulnerable or it will scan only router IP? Or it will scan only one device that has this IP?

ransomware – How does releasing exfiltrated data increase the chances of an attacker getting caught?

I’m reading an article from the Institute for Applied Network Security (IANS) titled “Ransomware 2.0: What It Is and What To Do About It”, and there’s a piece I don’t understand. The article requires a subscription, but here’s the excerpt (emphasis mine):

(Attackers) typically threaten to release confidential data to the internet or dark web if the
victim refuses to pay. This extortion tactic is fairly new and it is unclear whether it will become
more prevalent. If it does, it is uncertain whether attackers will release the data they’ve exfiltrated (and even how much data they’ve exfiltrated in the first place). Obviously, the more data an attacker exfiltrates, the higher they raise their profile and the more likely they are to be caught
before the encryption phase.
Therefore, unlike attackers motivated by IP theft, Ransomware 2.0
attackers have an incentive to minimize their data exfiltration.

Why would attackers not follow through with the threat of releasing this data? Does exfiltrating more data give forensic scientists, network admins, and the like better insight into the anomalous and malicious behavior–and shouldn’t attackers sufficiently cover their tracks? If not, how is the attacker profile increased with the volume of exfiltrated data published?

What exactly could we get as an attacker if Kerberos Pre-Authentication is disabled?

I’m learning about how Kerberos and it’s common exploits work and I’m a little confused. In this video explaining the process we see that at one of the earlier points the user is provided with two packets, one of them being a TGT:

Now from what I understand people can use the python script to crack the hash of the users password by brute forcing the hashed TGT. However this doesn’t seem technically correct: What we would really want to hash (according to the video) is the blue packet since once that is cracked that will provide the user’s password, and so then we can pose as the user.

With this in mind, with pre-authentication disabled (which shouldn’t ever happen in a real world setting as far as I know), how would we ever get the user password simply from cracking the hash of the TGT? Would we have to provide a valid user id and (since pre-auth is disabled) kerberos would happily provide the blue and red packets?

Ultimately I’m not sure what we’re cracking: A user account or a TGS account?

what information can an attacker gain from watching the users behavior in block chain?

Given the block chain is a public ledger, if user chooses not not change their public key
every time they make a transaction, what information can an attacker gain from watching
the users behavior?

dnd 5e: What is the Spirit Weapon attacker, caster, or weapon?


This question was prompted by this question about the relationship with the rogue's mysterious dodge feature and being able to see the attacker when spiritual weapon it's used


When a creature is subject to the magical melee attack of spiritual weapon What is the attacker considered?

  • Is the shooter considered the attacker?
  • Is the spiritual weapon itself considered the attacker?
  • Are they both?


This has mysteriously dodging implications, as it would respond if the dodging rogue needs to see the caster or weapon.

This has implications for hellish rebuke that if the spiritual weapon is the attacker, then hellish rebuke cannot harm the caster.

dnd 4e – How does the lodestone lure work if the attacker moves away from the target?

Level 3 Battle Mind Discipline stone lure magnet, an attack power at will, has the following entry:

Hit: Constitution-modifying damage, and you must roll the target 1 square. Until the end of your next turn, the target can only move to squares adjacent to you. (Psionic Power 37 and updated by errata; q.v. here)

I don't know how far that second sentence should limit the goal. I usually should limit instead of just limits Because my research shows that opinions on how power works are varied, controversial, and sometimes heated. And, as Wizards of the Coast itself is unlikely to clarify or issue further errata for the stone lure magnet At this point, I seek help from experienced users to determine a balanced power reading. here balanced Here it means that the impact of the power in the game is approximately equal to the impact of the other powers of the class of the same level.

On his turn, a level 3 battle mind takes a standard action to use discipline at will stone lure magnet on a target 2 squares away. The battle mind pulls the target adjacent to it (as the power typo now says it must). Then, by any means, the battle mind moves 2 or more squares away from the target. On the target's turn, what's a balanced way for the target to behave? Here are a few options:

  • Essentially immobilized. A typical target is immobilized in everything but the name. That is, no matter where the target's movement takes you, your first move frame won't move it to a frame adjacent to the battle mind, so the target is stuck where it is unless either can move without moving (eg by teleporting) or does it move via forced movement This reading is mentioned in a Penny arcade forum thread here containing strong language. The consensus seems to be that this reading, although possibly technically accurate, not balanced (see above). Even as a new 4e Player, I tend to agree, but I'm not 100% sure if that thread's evaluation is correct.
  • As a charge but no. A typical target can move normally except that each frame of the target's movement must bring the target closer to the battle mind, like a charging creature. This reading is mentioned in a RPG.Net thread here that heats up. Note that a user in that thread says Wizards of the Coast customer service agrees with this reading. I absolutely believe that was what the user was told, but I don't know how much weight an anonymous decision from the Wizards of the Coast customer service representative has on the Dungeons & Dragons, fourth edition community. (To be clear, I'm used to Third edition community where that weight is 0 lbs.) This seems balanced enough for this new 4e player, but that's not what power really says it does, and the disconnect makes me suspicious.

Those were the options I found, but I'm sure other power readings are possible. Users should feel free to have their responses address alternatives. In sum, what reading of the stone lure magnet is the power balanced? Also, how can the stone lure magnet powers Hit Should the entries be reformulated to reflect a new balanced reading?

Note: When evaluating the second bullet reading, also consider what happens if a target is affected by the lure of multiple characters powers simultaneously.