IP Address Question - Dead Thread by Midnight

[Mark Curphey <mark () curphey com>]

Given this is already somewhat off-topic and a very basic topic covered in many places on the Internet, I am going to 
kill it at midnight tonight unless it develops into an interesting webappsec thread.

---- lj-news <lj-news () umsys com> wrote:
> To effectively impersonate a remote IP and carry on TCP session I'm pretty sure either:
> A> you have to be able to guess the sequence numbers and interact with the server completely blind (since you'll 
> never get return traffic)
> B> you have to be using a man-in-the-middle attack to intercept the return traffic or manipulate the return path
>
> If that doesn't seem correct then someone please comment.
>
> -LJ
>
> -----Original Message-----
> From: Robin Fordham [mailto:robin_fordham () yahoo com]
> Sent: Thursday, September 25, 2003 12:11 PM
> To: webappsec () securityfocus com
> Subject: IP Address Question
>
>
> OK, here's a question. Is it possible for a hacker to
> impersonate an IP Address with regard to logging into
> web applications. The Paros3.0 tool that I'm using to
> test Session Hijacking does not let you change your IP
> Address, but I wanted to know if it was actually
> possible to do? It would help so that I can assess the
> probability of a particular attack from occurring.
>
> Cheers
>
> Robin
>
>
> =====
> ---------------------------------------
> Web Site: http://electricpiggy.com
> E-mail: robin_fordham () yahoo com
> ICQ: 15208257
> ---------------------------------------
>
> __________________________________
> Do you Yahoo!?
> The New Yahoo! Shopping - with improved product search
> http://shopping.yahoo.com