Firewall Wizards mailing list archives
Re: Can a port be spoofed?
From: "Ryan Russell" <ryanr () sybase com>
Date: Fri, 2 Oct 1998 17:42:19 -0700
Not sure what you mean by "port spoofing." You're also only allowing particular IP addresses as well as ports, right? If you're not limiting things to a set of IP addresses, then it's trivial to use the right port numbers....standard IP functionality allows my machine to pick whatever port numbers I like. If you're also limiting things by IP address, then it's a little more challenging. If the transport is UDP, it's still trivial if I know the IP addresses and ports in question. If it's TCP then it's a bit harder, and depends on the sequence number predictability. If I'm able to monitor traffic between the two sites, then I can spoof the connection with almost no effort.

So.... it's really not safe without some packet-level authentication, which usually means encryption of some sort.

Ryan

If a customer opens a dedicated port in their firewall and looks for a dedicated port from my firewall, is it likely to be spoofed? What is the level of difficulty?
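
The point made in the reply above, as an added example that is not part of the original post: an address-and-port rule accepts any datagram whose header fields match, while a per-packet keyed MAC with a counter rejects both a forged datagram and a replayed one. The addresses, ports, key, wire format and all function names are assumptions constructed for illustration, and HMAC-SHA256 with a shared key stands in here for whatever packet-level authentication (typically an encrypted tunnel) is actually deployed.

```python
import hashlib, hmac, struct
from dataclasses import dataclass

# Constructed sample values: documentation address, made-up ports and key.
PEER_IP, PEER_PORT, LOCAL_PORT = "192.0.2.10", 40000, 5000
KEY = b"constructed-demo-key"
TAG_LEN = 32  # HMAC-SHA256 tag size in bytes

@dataclass
class Datagram:
    src_ip: str
    src_port: int
    dst_port: int
    data: bytes

def filter_accepts(d):
    # Address/port rule only: every field checked here is set by the sender.
    return (d.src_ip, d.src_port, d.dst_port) == (PEER_IP, PEER_PORT, LOCAL_PORT)

def seal(counter, payload, key=KEY):
    # Wire format (assumed for this example): 8-byte counter | payload | tag.
    body = struct.pack("!Q", counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key=KEY):
        self.key, self.last_counter = key, -1

    def accept(self, d):
        # Returns the payload, or None if any check fails.
        if not filter_accepts(d) or len(d.data) < 8 + TAG_LEN:
            return None
        body, tag = d.data[:-TAG_LEN], d.data[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # sender does not hold the key
        (counter,) = struct.unpack("!Q", body[:8])
        if counter <= self.last_counter:
            return None  # replay of a captured datagram
        self.last_counter = counter
        return body[8:]

def demo():
    rx = Receiver()
    genuine = Datagram(PEER_IP, PEER_PORT, LOCAL_PORT, seal(1, b"status ok"))
    # Same addresses and ports, but built without the key: the tag is wrong.
    forged = Datagram(PEER_IP, PEER_PORT, LOCAL_PORT, struct.pack("!Q", 2) + b"reconfigure" + bytes(TAG_LEN))
    return filter_accepts(forged), rx.accept(forged), rx.accept(genuine), rx.accept(genuine)
```

`demo()` returns the filter verdict on the forged datagram, then the receiver's verdicts on the forged datagram, the genuine one, and a second copy of the genuine one.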