Security Incidents mailing list archives

Re: Spoofed IP port scan?

From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Wed, 15 Nov 2000 15:17:51 -0500

On Tue, 14 Nov 2000, Dave Chen wrote:

         Question:  If the IP is spoofed, how can the hacker get the
port scan information?  They either have to be on my up stream ISP or
the up stream of the source IP to the scan results, right?


not necessarily. i could, for example, spoof the source and listen on that
end only, not generating a single packet, or be between you and that
listening post.

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

Current thread:

Spoofed IP port scan? Dave Chen (Nov 16)
- Re: Spoofed IP port scan? Jose Nazario (Nov 17)
- Re: Spoofed IP port scan? Russell Fulton (Nov 17)
- Re: Spoofed IP port scan? Valdis Kletnieks (Nov 17)