Re: Can a port be spoofed?

["Ryan Russell" <ryanr () sybase com>]

Not sure what you mean by "port spoofing."

You're also only allowing particular IP addresses
as well as ports, right?

If you're not limiting things to a set of IP addresses, then
it's trivial to use the right port numbers....standard IP
functionality allows my machine to pick whatever port numbers
I like.

If you're also limiting things by IP address, then it's a little more
challenging.

If the transport is UDP, it's still trivial if I know the IP addresses
and ports in question.

If it's TCP then it's a bit harder, and depends on the sequence
number predictability.

If I'm able to monitor traffic between the two sites, then I can
spoof the connection with almost no effort.

So.... it's really not safe without some packet-level authentication,
which usually means encryption of some sort.

                    Ryan








If a customer opens a dedicated port in their firewall and looks for a
dedicated port from my firewall, is it likely to be spoofed.  What is
the level of difficulty?