[svlug] ip address spoofing

Robert Hajime Lanning lanning at lanning.cc
Thu Oct 24 11:24:06 PDT 2002

On Thu, 24 Oct 2002, George Georgalis wrote:
> Is there any way to spoof the source IP in a TCP/IP transaction? What
> level of confidence can be had that SMTP mail truly was delivered from the
> highest "Received: from" line in headers?
> Note I'm not talking about stealing an IP from an unprotected WAP, see
> http://www.newarchitectmag.com/documents/s=7555/na0902h/index.html
> I'm wondering if there is a way to (transverse the internet and) connect
> to a remote server and preform a transaction (one way if necessary), as if
> coming from a machine I have no access to. I suspect UDP yes, TCP no.
> Ideas, resources, links? (note, I do have scruples and this inquiry is
> primarily to cover my end when pursuing unauthorized SMTP access)

The only way to spoof a complete TCP session is one of two ways:

1) gain control of routing for the spoofed IP address.
2) be in the actual path the packet would take to get to the real owner of
   the spoofed address.


More information about the svlug mailing list