-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi again Dee,
Spoofing is usually for subversion of trust attacks and work with session hijacking. Probably the most famous example of this would be the Christmas attack by mitnick (I believe he spoofed his ip to be that of the trusted system during when he hijacked the session and syn-flooded the host. Maybe I am confused and this is just tcp sequence predicition I am talking about). Also spoofing is used when you don't care about the return packet (ie d0s Dd0s). Lastly someone on this list posted a link to a great article on doing idle scans with nmap and hping2. Below is the link. HTH and not confused, Leon http://www.sans.org/infosecFAQ/audit/hping2.htm - -----Original Message----- From: Dee Harrod [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 27, 2001 3:18 PM To: SecurityBasics Subject: Spoofing question? How does spoofing work? If I change the source address of my outbound packet, how do I get the response? How does it get back to me? - -- Dee __________________________________________________ Do You Yahoo!? Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1 -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBPAeoB9qAgf0xoaEuEQLsqQCg4PpTzQodLGkJkkAaksdAlwwlPIkAoITw VJHv3BjRxEpT78aWReiys5mS =AnFg -----END PGP SIGNATURE-----
