On Tue, Nov 27, 2001 at 12:18:06PM -0800, Dee Harrod wrote: > How does spoofing work? > > If I change the source address of my outbound packet, > how do I get the response? How does it get back to me? > If the spoofed source address is one you can't monitor, then it doesn't get back to you. There are two techniques generally useful with spoofing, one is to spoof the address of a machine close enough to you that you can sniff it, then sniff the responses headed back to there, the more common use is to hide yourself when doing say a port scan, for each port you scan it several times, with mostly spoofed addresses, to hide your own address which scanned it somewhere in the middle of that flood...
-- Jason Kohles [EMAIL PROTECTED] Senior System Architect (703)786-8036 (cellular) Red Hat Professional Consulting (703)456-2940 (office)
