[svlug] ip address spoofing

Robert Hajime Lanning lanning at lanning.cc
Thu Oct 24 11:24:06 PDT 2002


On Thu, 24 Oct 2002, George Georgalis wrote:
> Is there any way to spoof the source IP in a TCP/IP transaction? What
> level of confidence can be had that SMTP mail truly was delivered from the
> highest "Received: from" line in headers?
>
> Note I'm not talking about stealing an IP from an unprotected WAP, see
> http://www.newarchitectmag.com/documents/s=7555/na0902h/index.html
>
> I'm wondering if there is a way to (transverse the internet and) connect
> to a remote server and preform a transaction (one way if necessary), as if
> coming from a machine I have no access to. I suspect UDP yes, TCP no.
>
> Ideas, resources, links? (note, I do have scruples and this inquiry is
> primarily to cover my end when pursuing unauthorized SMTP access)

The only way to spoof a complete TCP session is one of two ways:

1) gain control of routing for the spoofed IP address.
2) be in the actual path the packet would take to get to the real owner of
   the spoofed address.

-- 
END OF LINE




More information about the svlug mailing list