How Can I Prevent Hackers From Spoofing TCP messages onto my server?

I have a Python client and server communicating over a TCP socket – they send and receive a certain set of standardized string commands to each other.

How can I prevent a hacker from creating their own client that sends the same kind of string commands (but with their own values) to the server?

Is it right that I can assume the hacker has access to the TCP messages being transmitted/received, but not the individual code that is being executed (if I only give them the executable)?

I’m new to network security and wanted to decide how best to design my network communication scheme.

Idea – I was imagining that I could possibly encrypt the messages before sending and decrypt on the server (assuming the hacker can’t find any of the keys in the source code?). Is this a secure way of going about it and am I on the right track?

What prevents someone from spoofing their public key when trying to establish an SSH connection?

Recently I’ve been trying to learn the mechanisms behind SSH keys but I came across this question that I haven’t been able to find an answer to (I haven’t figured out how to word my question such that searching it would give me the answer).

Basically, we add our local machine’s public key to the server’s authorized_keys file which allows us to be authenticated automatically when we try to ssh into the server later on. My question is: what if someone takes my public key (it is public after all) and replaces their public key with it? When the "attacker" tries to connect to the server, what part of the process allows the server to know that they do not have the correct private key?

I read somewhere that for RSA, it is possible for a user (let’s say user A) to encrypt/sign a message with their private key, and then for others to decrypt this message using A’s public key, thus proving that A is really who they claim to be. However, apparently, this is not true for all cryptosystems, where it is not possible to sign with a private key (according to What happens when encrypting with private key?, feel free to correct this information if it is wrong). In those cases, how does the server make sure that the user is really who they claim to be?

SPF record does not prevent sender spoofing

I am a bug hunter and still new to bug bounty programs. I’ve reached this topic, and I can’t go further before understanding it.

I used one of the SPF record finders online; the result of this test was that they already have an SPF record

BUT

I still can send an email as their domain exactly!

So, does an SPF record really prevent email spoofing attacks? If it does, why can I still send an email as their domain exactly? If it doesn’t, how can we really prevent email spoofing attacks?

Also, maybe I have some misunderstanding between an SPF misconfiguration and a missing SPF record: do they mean the same thing? Is the situation described above a misconfiguration or a missing SPF record?

Regards

How to prevent DNS spoofing in Java code which obtains the name of localhost

A FORTIFY static scan has detected that this piece of our Java code is vulnerable to a DNS spoofing attack:

    public String getLocalhostName() {
        try {
            return Inet4Address.getLocalHost().getHostName();
        } catch (UnknownHostException e) {
            return null;
        }
    }

FORTIFY also gives these recommendations:

Recommendations:

You can increase confidence in a domain name lookup if you check to make sure that the host’s forward and backward DNS entries match. Attackers will not be able to spoof both the forward and the reverse DNS entries without controlling the nameservers for the target domain. This is not a foolproof approach however: attackers may be able to convince the domain registrar to turn over the domain to a malicious nameserver. Basing authentication on DNS entries is simply a risky proposition.

My questions are:

  1. Is getting the local host name really vulnerable to such an attack? I can’t imagine such a scenario.
  2. How to implement this check in practice (in this code snippet)?

Thank you.
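
The forward/reverse match that the quoted recommendation describes, as an added example that is not part of the original post or of Fortify's output. The class name `ForwardReverseDnsCheck` and the method `confirmedHostName` are hypothetical; only standard `java.net.InetAddress` calls are used, and the result should still not be used as an authentication factor, as the recommendation itself notes.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;

// Hypothetical helper class (illustration only, not from the post).
public class ForwardReverseDnsCheck {

    /**
     * Returns the reverse-resolved name of addr only when a forward lookup
     * of that name yields addr again; returns null in every other case.
     */
    static String confirmedHostName(InetAddress addr) {
        // Reverse lookup. On failure the JDK returns the textual IP address.
        String name = addr.getCanonicalHostName();
        if (name.equals(addr.getHostAddress())) {
            return null; // no usable reverse entry, nothing to confirm
        }
        try {
            // Forward lookup of the name we were just given.
            InetAddress[] forward = InetAddress.getAllByName(name);
            // InetAddress.equals compares the raw address, not the name.
            return Arrays.asList(forward).contains(addr) ? name : null;
        } catch (UnknownHostException e) {
            return null; // name does not resolve forward: treat as unconfirmed
        }
    }

    /** Variant of the method from the question that fails closed. */
    static String getLocalhostName() {
        try {
            return confirmedHostName(InetAddress.getLocalHost());
        } catch (UnknownHostException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        String name = getLocalhostName();
        System.out.println(name != null
                ? "forward and reverse entries match: " + name
                : "host name could not be confirmed");
    }
}
```

Callers have to treat a `null` result as "unknown host name" and must not fall back to the unverified name.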

DNS spoofing via ssl (https) by mitm with own wlan server

Problem: I have a local machine (IoT, let’s call it MCC) which connects via SSL to a website (mcc.com) to get some JSON data. I would like to send modified JSON from my own server.

Idea: Set up a local device (let’s call it rasp) which opens a wifi hotspot. The MCC should then connect to the rasp. The rasp answers with a certificate from the public server mcc.com, but sends the modified JSON data.

I am not familiar with DNS, but I expect this to be difficult as we do not own the public key of mcc.com. Does someone know some solution here? The MCC does not use some kind of DNS over https.

Mac Spoofing Not working on MacOS

I’ve recently been trying to spoof my MAC address and I tried every way but it still doesn’t work. I’ve tried to change it from the terminal and other applications. Although it says it was successful on the terminal and says it has changed, it stays the same, and yes, I haven’t restarted my computer. Does anyone know why this is happening?

ARP Spoofing does not update ARP Table

I’m currently trying to do ARP-Spoofing / ARP-Poisoning with Kali Linux in VirtualBox in order to check the security of the network of my company. I’m currently doing a little pentest, therefore I am allowed to do this. I’m trying to gain a man-in-the-middle position between a laptop and my router. Therefore, let’s say I’m using the following:

  • Kali Linux in Virtualbox with external USB Wifi Adapter IP: 192.0.0.3 | MAC: CC:CC:CC:CC:CC:CC

  • Target-Laptop using Windows 10 IP: 192.0.0.2 | MAC: BB:BB:BB:BB:BB:BB

  • Default Gateway IP: 192.0.0.1 | MAC: AA:AA:AA:AA:AA:AA

Therefore I tried a few options for ARP spoofing, for example the MitM-Framework, ettercap and arpspoof. When I capture the network traffic in Wireshark, I can see the ARP packets, saying: 192.0.0.2 is at CC:CC:CC:CC:CC:CC and also: 192.0.0.1 (router) is at CC:CC:CC:CC:CC:CC

But when I look up the ARP table on my target with arp -a, there is still the right MAC address for the default gateway.

For example I tried:

  1. sysctl -w net.ipv4.ip_forward=1
  2. arpspoof -i wlan0 -t 192.0.0.2 192.0.0.1
  3. arpspoof -i wlan0 -t 192.0.0.1 192.0.0.2

Are there any suggestions for what else I can try to fix my problem? Thanks in advance 🙂