Skip to main content
Information Security

All Questions

Ask Question
Tagged with
5 questions
Newest Active Bountied Unanswered
0 votes
1 answer
444 views

Can this logic with regard to checking Reverse DNS records be flawed?

For my web app, I hardcode a reverse DNS detection for common web crawlers. And for detecting them I use their Reverse DNS, which I always check whether it includes i.e. google.com. My questions would ...
Munchkin's user avatar
Munchkin
  • 264
0 votes
1 answer
3k views

Is IP spoofing possible in Windows Desktop with user privileges?

I read on WinSockAPI that IP spoofing is disabled for Desktop windows devices (non-servers like Windows 7, etc). However, I've been able to do IP spoofing using nmap, so clearly this is possible. ...
Daniel Grover's user avatar
Daniel Grover
  • 872
8 votes
6 answers
13k views

Why can't we block DNS Amplification attack by blocking UDP packets or DNS response packet?

I mean if the attacker tries to ask all the open DNS resolver respond to a web server. The web server can just block its UDP ports. If the all the DNS response go to a Authoritative Nameserver(victim)...
user15580's user avatar
user15580
  • 777
6 votes
2 answers
10k views

Spoofing email From address

Providing all legal measures are taken care of, what are some of the ways someone can spoof an email "From" field address and actually get the email to the recipient without spam filters getting in ...
user6255's user avatar
user6255
  • 211
15 votes
2 answers
11k views

How easy/difficult is it to spoof DNS? Are some scenarios safer/more risky than others?

Practically speaking, how easy difficult is it to spoof DNS? What scenarios are more risky than others? For example: A phishing email or twitter link that attracts users to click a hyperlink A ...
makerofthings7's user avatar
makerofthings7
  • 51k