Can an IP address be faked?

Walter

Apparently someone logged into a kids student account at the university and dropped all of his classes. The university is blaming my buddy, saying that it occured from his IP address. He has a receipt from a gas station far from his home that proves it couldn't have been him but the administration is saying that doesn't matter. As a result he is suspended and the administration is saying his appeal is unlikely to succeed.

I don't know if he is withholding information or not, since its pretty weird that the university could get his IP address. My only thought is that they record the IP address whenever students log into the university and his matched. Any thoughts as to whether or not this could have been faked by someone out to get two people?

He has posted this up on a pre-med forum if you care to look but all the advice he has recieved so far is "get a lawyer" I am hoping for more technical info on how the university could be wrong in this matter. DO NOT MENTION EXACTLY HOW TO DO IT, that is probably a no no.
http://forums.studentdoctor.net/showthread.php?t=394582

DrFrylock

Real IP spoofing is fairly difficult. It's not extremely hard to change the source address on an IP packet so it looks like it comes from somewhere else, especially if that somewhere else is on the same subnet. However, since all response packets will go to the spoofed address, you will only really be able to send packets one-way.

I think it's more likely, if the request did indeed come from his computer, that his computer was hacked (through a trojan, perhaps, or an unpatched security hole, or he's running an out-of-date proxy server like Wingate or something that has a vulnerability). Or, if he's using a wireless router, that could be the issue as well.

Proto

If it's his IP they have, chances are good that someone was using his computer to do it. And yeah, they probably record the IP of the person logging into the account, it's pretty standard.

Where is he located? In a house with a shared connection? The IP would appear to be the same for every computer on the network.

If his IP is dynamic, there is the possibility that his IP was reused by someone else after he used it.

Does he know the other guy at all? If not, it should be a simple matter of pointing that out to the administration...

Walter

He is in a house with a secured wireless network, but he has friends over all the time who use his comp. Sounds like hes pretty screwed because no one is going to confess. He knows the other guy.

Vindicta_

How's your buddy getting his internet? Is it from the school?

I know with my school we had to give the IT department our MAC addresses for our computers so that they statically set the leases for each computer that they were giving the addresses out to. I'd like to know how they specifically knew it was him if they weren't the ones providing him the internet.

Also as Frylock said if he was using an unsecured wireless router, that'd be pretty easy for someone to use, as the IP address is leased to the router and not the computer, and the router hands out non-routable addresses to the clients on it's network.

Walter

Internet is from a third party. Like I said, they probably got his IP from when he logs on to check his grades/email and stuff with his student ID. What Ithink happened is that someone did it using his computer. I guess he has a number of friends who come over and use it all the time. Since the administration doesn't care that he can prove he wasn't there at the time, sounds like he's screwed unless one of his buddies fesses up. (They actually told him he could have called his house and had someone drop the classes, WTF???)

Proto

So the other guy is in his circle of friends? Or is he not a friend?

If he is, why can't he get him to vouch for him to the administation ...something like: "he wouldn't have done this to me, it must have been someone else using his computer"


Here is what happened though, I'm almost positive:
One of the people in his house learned this other guys password and then used your friend's computer to drop the courses. No IP spoofing or hacking at all.


If he can get a friend who is not in university to confess (real or not), that would probably get him off the hook.

Vindicta_

This is probably a long shot, but is the IP address his own, and not some public one? I'm talking like if he logged on at a public library, or something and they assumed that it was his.

It really just doesn't seem realistic to me that a school could pin something on someone because that person had logged onto their site with that address before.

Walter

Proto wrote: »

So the other guy is in his circle of friends? Or is he not a friend?

If he is, why can't he get him to vouch for him to the administation ...something like: "he wouldn't have done this to me, it must have been someone else using his computer"


Here is what happened though, I'm almost positive:
One of the people in his house learned this other guys password and then used your friend's computer to drop the courses. No IP spoofing or hacking at all.


If he can get a friend who is not in university to confess (real or not), that would probably get him off the hook.

Yea, thats exactly what I think happened. It is his home IP address I am assuming. Although I will get him to ask the university to make sure it isn't some library address they have matched him with. Thanks guys, doesn't seem likely that he was spoofed.

rockmonkey

why would he be dumb enough to do it from his own computer? Doesn't make logical sense and he has a receipt that places him elsewhere. "Calling and telling someone else to do it" is some pretty far fetched bullshit. I don't really see how this is at all fair.

Shit if the receipt isn't good enough he might be on camera at the gas station or any number of other places that puts him elsewhere and not enough time to make it home and do the deed.

Proto

I think something is being left out here.

Would this guy have some reason to believe your friend would do this to him?

Thanatos

The university is fucking your friend over because they can.

What he needs to do is stop talking to them, and start talking to a lawyer. He may even want to try the ACLU. A letter from them can get a lot of things done, though they may say it's not a civil rights issue.

Pheezer

It'd be pretty hard to construe this as a civil rights thing. But yes, tell him to lawyer up, but continue pursuing the official channels until he's completely stonewalled or a lawyer tells him to stop. Judges do not typically care for people who choose to litigate prior to pursuing every other option available.

kingmetal

your friend needs a lawyer, not an internet forum.

Marty81

Is it possible your friend is dynamically assigned an IP by his provider, and the one that was used (by someone else) on that day was randomly also assigned to him at one point in time, making the college think it was him?

Feral

Vindicta_ wrote: »

I know with my school we had to give the IT department our MAC addresses for our computers so that they statically set the leases for each computer that they were giving the addresses out to.

Yes.
MAC addresses are very easy to spoof. If the university at all ties IP addresses to MAC addresses (either by reservations as Vindicta describes, or by overly long DHCP lease durations) it's entirely possible that his IP address was assigned temporarily to a different PC in a different physical location entirely.
Oh, and get a lawyer.

lordswing

The university can't just add the classes back again? It seems pretty ridiculous the university wouldn't just add them back again if your friend mentions the word "lawyer"

Descendant X

I've been reading the thread on the other forum and the OP over there has said that his friends did it from his computer as a prank. No ip spoofing there. Sounds like he has a bunch of douchebags for friends. To top it off, they've also been telling him to take the rap for this as they'd apparently rather see him get fucked by the administration rather than man up and admit to the "prank" themselves.

Seriously, what kind of numbnuts drops someone from their university classes as a "prank?" Are these people fucking insane?

MuddBudd

Isn't there some sort of password you have to enter to do this kind of shit?

If this is a prank, it's a prank gone very wrong. He needs to sit his friends down and explain that if one of them fesses up, he won't file charges or anything. But if nobody admits to what they did, he's bringing in lawyers.

Daedalus

Thanatos wrote: »

What he needs to do is stop talking to them, and start talking to a lawyer.

Szechuanosaurus

Considering hacking is a felony, you're friend really needs to call the police and talk to a lawyer. Firstly because the university are accusing him of breaking the law and secondly because he is accusing his friend of breaking the law twice - once to use his computer without his computer and secondly to hack into another friend's university account while he was at it.

If the guy that did this refuses to confess, fuck him sideways with the law.

Proto

Descendant X wrote: »

I've been reading the thread on the other forum and the OP over there has said that his friends did it from his computer as a prank. No ip spoofing there. Sounds like he has a bunch of douchebags for friends. To top it off, they've also been telling him to take the rap for this as they'd apparently rather see him get fucked by the administration rather than man up and admit to the "prank" themselves.

Seriously, what kind of numbnuts drops someone from their university classes as a "prank?" Are these people fucking insane?

I'm also wiling to bet that the guy they did this to isn't a friend of theirs, otherwise it probably wouldn't be as serious as it is.

EggyToast

So what happened is that this computer of your friends was used to drop another kid from a class. So either your buddy's "friends" were at the guy's house and did it, or your friend did it and then went and bought gas somewhere.

I get the impression that there's something the buddy isn't mentioning, in an attempt to make people believe he's in the right (and therefore get advice in order to further prove that he's right, regardless of the truth). The university is essentially saying "you're either a complete asshole, or you're an idiot who leaves his computer wide open for your asshole 'friends.' Either way, why shouldn't we punish you for it?"

If his friends don't confess to it, and he honestly didn't do it, he needs to get new friends. They're obviously not bailing him out and taking the rap for it. If he did do it, he might as well confess as to what he actually did do. But if everything was on the up & up, he would've talked to a lawyer already and realized that getting suspended and expelled is far worse than paying a few hundred bucks for the problem to be fixed.