Hello Bryan, Monday, September 8, 2003, 11:36:12 AM, you wrote:
BP> Rikona, I fond a kind of nice little document that talks about IP BP> spoofing in general. Thanks much for the document. It is a nice description. It also contains a few references that have even more info relating to our discussion. In going through them, I get the idea that the return address is NOT cached from address data in the packets. It might be cached once a valid forward connection has been established, based on a lookup, but this would eliminate the method I was proposing. So - it seems as though the idea I had would not work. The references also went into some details about the various handshaking that must take place in the connection. These details will also make it more difficult to do the spoof. Along the way, I also looked at a number of ways one CAN spoof an IP address. They are much more complicated than what I was proposing, but they can/have been done. Most involve tricky timing issues in order to work, and thus might not be practical for spoofing IP addresses in email. I would not put it past a clever hacker to put together code to try to do this, though. Even if only 10-20% of the attempts actually work, it would still be a threat. Whew! This took a bit of work to understand. :-) Again, many thanks for your patience in going through this. -- rikona mailto:[EMAIL PROTECTED]
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com