OT: More Spam
Kevin D. Clark
kclark at CetaceanNetworks.com
Wed Jan 22 10:52:47 EST 2003
Derek Martin <gnhlug at sophic.org> writes:

> However it is still possible to spoof the source, IF the attacker has
> control of some machine (i.e. a router) which lives in the path the
> target host would use to send packets to the host which actually has
> the IP being used for spoofing (man, I hope that made sense). The
> attacker can listen for the replies to his packets on such a host,
> and generate the correct packets in response. [This would likely need
> to be automated to be fast enough to be of any use -- the router would
> essentially NAT the packets to the spoofing host.]

Actually, you don't even need to take over a router. You don't even
need to listen for replies either, assuming you sufficiently grok the
target's TCP stack.

> Obviously, this attack is extremely difficult, making it
> extraordinarily unlikely that anyone will successfully launch it
> against you. But it /is/ possible...

And indeed, this attack has been successfully used in the Real World.

--kevin
--
"It's colder than a ticket taker's smile at the Ivar theater on a
Saturday night."
-- Tom Waits