[vox-tech] Viruses
Jeff Newmiller
vox-tech@lists.lugod.org
Wed, 3 Mar 2004 11:50:27 -0800 (PST)
On Wed, 3 Mar 2004, Ryan wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wednesday 03 March 2004 11:10 am, Danny Webster
> dpwebster-at-basiclabinc.com |lugod| wrote:
> > Pete,
> >
> > Good to know. What about the IP address, you can't even trust that can you
> > with IP spoofing can you?
>
> You can't spoof a TCP connection over the internet because of routing.
"Because of routing"? I would say that it is exactly because of routing
that it _can_ be done... but it requires either control over at least one
router in the normal routing path (to setup a temporary host route), or at
least control over a host located along that route combined with a lot of
work to synthesize and inject the appropriate packets into the route. It
is a _lot_ easier to spoof email than to spoof TCP, though... I usually
trust IP numbers found in Received From: headers down to the first
untrustworthy MTA.
It has also proven possible to fool certain implementations of TCP/IP to
originate a TCP spoof from somewhere off the normal routing path between
the target and the spoofed IP. [1]
[1] http://www.spirit.com/Network/net0501.html
---------------------------------------------------------------------------
Jeff Newmiller The ..... ..... Go Live...
DCN:<jdnewmil@dcn.davis.ca.us> Basics: ##.#. ##.#. Live Go...
Live: OO#.. Dead: OO#.. Playing
Research Engineer (Solar/Batteries O.O#. #.O#. with
/Software/Embedded Controllers) .OO#. .OO#. rocks...2k
---------------------------------------------------------------------------