Re: IP Spoofing.

[Robert Graham <robert_david_graham () yahoo com>]

--- "Christopher C. Petro" <petro () atypon com> wrote:
> Ok, this is probably not the kind of request that most of you will 
> want to answer, but I just got in an argument with my boss about IP 
> spoofing. He claims it is not possible to spoof an IP number, whilst 
> I am almost certain it is.
>
> Could anyone provide me with a link or pointer to information that I 
> could use to prove him wrong, or to information that proves me wrong?

You are both wrong/right :-)

When people first hear of the phrase "IP spoofing", the immediately assume that
this magical technique will allow them to hide their identity while they surf
the web, talk in chat rooms, etc. This is probably your bosses perspective, and
he is right -- it won't work this way. When you spoof your IP address, you'll
never see the responses, so communication breaks down.

However, spoofing your IP address doesn't stop your packets from going out to
the target. As it turns out, there are lots of attacks that don't require
seeing responses. Some, like the "smurf" attacks, even require you to spoof the
IP address of the victim.

Anyway, some links are listed at:
http://www.networkice.com/advice/underground/hacking/methods/technical/spoofing/


===
Robert Graham
"Anxiously awaiting the millenium so I can start programming
dates with 2-digits again."
__________________________________________________
Do You Yahoo!?
Bid and sell for free at http://auctions.yahoo.com