Penetration Testing mailing list archives

Spoofed IP address

From: xun dong <xundong () cs york ac uk>
Date: Fri, 22 Sep 2006 16:54:07 +0100

Thanks everyone who read and answer my question.

Given a scenario as below:

When someone wants to launch a man-in-the-middle attack on thecommunication between the client and server. In order to make it moretransparent(hard to discover) can the attacker pretended to has the sameIP address as the server(when handling the communication with clientend) while pretending to has the same IP address as the client(whenhandling the communication with server end). If it is possible, can youtell me your solutions.

This is not used to generate real attacks, it is just a concern I comecross when designing a communication system.


Thanks a lot.

Xun Dong

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Current thread:

Spoofed IP address xun dong (Sep 23)
- Re: Spoofed IP address crazy frog crazy frog (Sep 24)
  - Re: Spoofed IP address Al Bam (Sep 24)
- Re: Spoofed IP address Cedric Blancher (Sep 24)
- Re: Spoofed IP address[Scanned] Davie Elliott - Eluse (Sep 24)