Security Basics mailing list archives
RE: Spoofing an IP over the internet
From: Steven Trewick <STrewick () joplings co uk>
Date: Fri, 26 Nov 2004 14:21:57 -0000
From: Simon [mailto:simon () xhz ca]
Yes, but the problem that I fear is a hacker changing his IP address automatically for each TCP/IP packets sents without the need of disconnecting/reconnecting.
It would be extremely difficult (impossible?) to conduct a TCP handshake if you use a different IP address for each packet, and the same goes for transfer of data via TCP to/from standard services. (IMHO) UDP is obvioulsy a different beast altogether, (and despite what others have said about the impossibility of spoofing accross the internet, it is not impossible, merely becoming more difficult) and I regularly see quite obviously spoofed UDP packets arriving at my network border. (The torrent of messenger spam being a good example of this)
Also if the IP could be spoofed, it would be difficult to find where the attack is comming from
That is, of course, the whole point of IP spoofing ;-)
or we would need other means of understanding where the attack is comming from.
Here are some resources you may find interesting, if not to helpful ;-) Following the Journey of a Spoofed Packet http://www.scs.carleton.ca/~dlwhyte/whytepapers/ipspoof.htm Tracking Spoofed IP Addresses Version 2.0 http://www.cymru.com/Documents/tracking-spoofed.html Despoof is a free, open source tool that measures the TTL to determine if a packet has been spoofed or not. http://www.bindview.com/Support/RAZOR/Utilities/Unix_Linux/despoof_readme.cf m Hope these help a bit Steve Trewick The information contained in this e-mail is confidential and may be privileged, it is intended for the addressee only. If you have received this e-mail in error please delete it from your system. The statements and opinions expressed in this message are those of the author and do not necessarily reflect those of the company. Whilst Joplings Group operates an e-mail anti-virus program it does not accept responsibility for any damage whatsoever that is caused by viruses being passed. joplings.co.uk
Current thread:
- Spoofing an IP over the internet Simon (Nov 22)
- Re: Spoofing an IP over the internet Alexander Klimov (Nov 22)
- Re: Spoofing an IP over the internet Simon (Nov 26)
- Re: Spoofing an IP over the internet Nuno Costa (Nov 27)
- Re: Spoofing an IP over the internet Simon (Nov 26)
- RE: Spoofing an IP over the internet Philip Wagenaar (Nov 22)
- RE: Spoofing an IP over the internet David Gillett (Nov 23)
- Re: Spoofing an IP over the internet Simon (Nov 24)
- Re: Spoofing an IP over the internet Simon (Nov 26)
- RE: Spoofing an IP over the internet David Gillett (Nov 23)
- <Possible follow-ups>
- RE: Spoofing an IP over the internet Steven Trewick (Nov 27)
- Re: Spoofing an IP over the internet Alexander Klimov (Nov 22)