[vox-tech] Viruses

Jeff Newmiller vox-tech@lists.lugod.org
Wed, 3 Mar 2004 11:50:27 -0800 (PST)


On Wed, 3 Mar 2004, Ryan wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Wednesday 03 March 2004 11:10 am, Danny Webster 
> dpwebster-at-basiclabinc.com |lugod| wrote:
> > Pete,
> >
> > Good to know.  What about the IP address, you can't even trust that can you
> > with IP spoofing can you?
> 
> You can't spoof a TCP connection over the internet because of routing.

"Because of routing"?  I would say that it is exactly because of routing
that it _can_ be done... but it requires either control over at least one
router in the normal routing path (to set up a temporary host route), or at
least control over a host located along that route combined with a lot of
work to synthesize and inject the appropriate packets into the route.  It
is a _lot_ easier to spoof email than to spoof TCP, though... I usually
trust IP numbers found in Received From: headers down to the first
untrustworthy MTA.

It has also proven possible to fool certain implementations of TCP/IP to
originate a TCP spoof from somewhere off the normal routing path between
the target and the spoofed IP. [1]

[1] http://www.spirit.com/Network/net0501.html

---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<jdnewmil@dcn.davis.ca.us>        Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---------------------------------------------------------------------------
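
The rule of thumb above for Received headers, sketched as an added example that is not part of the original message. The MTA hostnames, addresses and sample message are constructed, and the parser assumes the common "from HELO (rdns [ip]) by host" header layout.

```python
import re
from email import message_from_string

# Assumption: hostnames of the MTAs you operate or trust (hypothetical names).
TRUSTED_MTAS = {"mx.example.org", "relay.example.org"}

# Constructed sample message. Each MTA prepends its header, so newest is first.
SAMPLE = """\
Received: from relay.example.org (relay.example.org [192.0.2.10])
\tby mx.example.org with ESMTP id A1; Wed, 3 Mar 2004 11:00:03 -0800
Received: from mail.sender.test (unknown [198.51.100.7])
\tby relay.example.org with ESMTP id B2; Wed, 3 Mar 2004 11:00:02 -0800
Received: from trusted-bank.test (bank [203.0.113.99])
\tby mail.sender.test with SMTP id C3; Wed, 3 Mar 2004 11:00:01 -0800
From: someone@trusted-bank.test
Subject: constructed sample

body
"""

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
# The bracketed address is what the receiving MTA saw on the TCP connection;
# the HELO name in front of it is chosen by the sender and is ignored here.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trusted_hops(raw, trusted=TRUSTED_MTAS):
    """Return (by_host, peer_ip) for each hop written by a trusted MTA,
    newest first, stopping at the first header from an untrusted writer."""
    msg = message_from_string(raw)
    hops = []
    for header in msg.get_all("Received", []):
        text = " ".join(header.split())  # unfold continuation lines
        by = BY_RE.search(text)
        if not by or by.group(1).lower() not in trusted:
            break  # everything from here down could have been forged
        ip = IP_RE.search(text)
        hops.append((by.group(1).lower(), ip.group(1) if ip else None))
    return hops

def entry_ip(raw, trusted=TRUSTED_MTAS):
    """Address of the host that handed the mail to the trusted MTA chain."""
    hops = trusted_hops(raw, trusted)
    return hops[-1][1] if hops else None

if __name__ == "__main__":
    print(trusted_hops(SAMPLE), entry_ip(SAMPLE))
```

The third header in the sample was written by a host outside the trusted set, so its address is not reported.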