On Wed, 16 Feb 2000 09:21:46 +1300, [EMAIL PROTECTED] writes:
>(mail/web server)... so if someone was able to obtain that ip address and
>use it as his/her own to get in, he/she will succeed.
>
>Is that really what ip spoofing is??  an outsider assigning his/her PC a
>valid ip address of a company's in order to get inside the network???  If
>so, how would I protect against this??

somewhat. with most ISPs you can send out packets with every source-ip you
like, but the return path would differ, so, with a spoofed from, you wouldn't
get any packet back.

imagine you allowed murphy.debian.org [209.41.108.199] full access to your
machine and I would want to spoof that address. I'll send out a packet
something like:

from: 209.41.108.199
to:   <your ip>

this packet would travel all the way to your machine, which quite probably
would send an according answer packet to 209.41.108.199. but as I only spoofed
the source of the original packet and not international routing, the answer
packet would travel back to the real murphy.debian.org [209.41.108.199], which
would quite probably discard it.

so this kind of spoofing only makes "sense" in certain situations:
- I could cause trouble with only one packet
- I simply want to hide where a malicious packet came from
or a combination of the above (denial of service for example).

also in most cases you cannot really protect against such attacks, only the ISP
where the malicious packet originated can, allowing only packets to the outside
where the source-address is also routed back to his user.

you can compare that to postal delivery: you send out a letter "from: <your
neighbor>", the letter will arrive at the destination, but any answer will go
to your neighbor because the postman doesn't know that you're spoofing
your neighbor's name & address.

hth,
&rw
-- 
/ Robert Waldner <[EMAIL PROTECTED]> | Phone: +43 1 89933 0 Fax x533 \
\        KPNQwest/AT tech staff        | Diefenbachg. 35   A-1150 Wien / 
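
The source-address check described in the reply above (the originating ISP forwarding only packets whose source is routed back to that user), as an added example that is not part of the original message. The port names and prefix table are hypothetical, the prefixes are documentation ranges, and the sample headers are constructed in memory rather than captured.

```python
import ipaddress
import struct

# Hypothetical table: customer-facing port -> prefixes the ISP routes to that customer.
ASSIGNED = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/28")],
    "cust-b": [ipaddress.ip_network("198.51.100.64/26"),
               ipaddress.ip_network("203.0.113.8/29")],
}

def source_of(packet: bytes) -> ipaddress.IPv4Address:
    """Return the source address from a raw IPv4 header, or raise ValueError."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a well-formed IPv4 header")
    return ipaddress.IPv4Address(packet[12:16])  # bytes 12..15 hold the source

def permit_egress(port: str, packet: bytes) -> bool:
    """Forward only if the source lies in a prefix routed back to this port."""
    try:
        src = source_of(packet)
    except ValueError:
        return False  # malformed header: drop
    return any(src in net for net in ASSIGNED.get(port, []))

def sample_header(src: str, dst: str) -> bytes:
    """Constructed 20-byte IPv4 header for the checks below (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

if __name__ == "__main__":
    # 209.41.108.199 is the address used in the message; the rest are constructed.
    for port, src in [("cust-a", "192.0.2.5"), ("cust-a", "209.41.108.199"),
                      ("cust-b", "203.0.113.9"), ("cust-b", "192.0.2.5")]:
        ok = permit_egress(port, sample_header(src, "198.51.100.1"))
        print(f"{port:7} src={src:15} -> {'forward' if ok else 'drop'}")
```

The second and fourth rows are dropped: the source is a valid address, but not one that is routed back to the port it arrived on.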
