[svlug] ip address spoofing

J C Lawrence claw at kanga.nu
Thu Oct 24 14:36:44 PDT 2002


On Thu, 24 Oct 2002 12:58:25 -0400 
George Georgalis <georgw at galis.org> wrote:

> Is there any way to spoof the source IP in a TCP/IP transaction? What
> level of confidence can be had that SMTP mail truly was delivered from
> the highest "Received: from" line in headers?

Any Received: header prior to the one your own MTA added is
untrustworthy.  It may be correct, or it may be forged.

> I'm wondering if there is a way to (transverse the internet and)
> connect to a remote server and preform a transaction (one way if
> necessary), as if coming from a machine I have no access to. I suspect
> UDP yes, TCP no.

You can use proxy bounces, such as the old SOCK bounces, for TCP and UDP.

-- 
J C Lawrence                
---------(*)                Satan, oscillate my metallic sonatas. 
claw at kanga.nu               He lived as a devil, eh?		  
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.




More information about the svlug mailing list