List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
-----BEGIN PGP SIGNED MESSAGE-----
William Kenworthy wrote:
> Can anyone comment whether IP spoofing (for hiding country of origin) is
> common? Seems quite unlikely - at least at the current state of things.
> Is it even possible to tell (at the firewall interface?)
I think that for hiding country of origin by IP spoofing is quite useless, at
least on the Internet (It might work on a single subnet, or if you pretend to be
another IP in your subnet, and then switches complicate it as well...)
AFAIK, you can't actually connect to a server with a spoofed IP, since the
server will send the reply packets to the spoofed IP, which will either drop
them or tell the server it doesn't want them.
Spoofed IPs are only good if you want to flood a server with them and not have
the admin know where they came from (not easily, anyway).
However, firewalls that automatically blacklist IPs that do weird things can be
exploited. Lets say you have connection rate limiting on your SSH port. I can
send your firewall spoofed packets that contain your IP, have it rate limit my
And then you can't connect. Not good...
Anyway, about hiding country of origin - its usually done using proxies. There
are many open proxies out there...
[Name ] :: [Matan I. Peled ]
[Location ] :: [Israel ]
[Public Key] :: [0xD6F42CA5 ]
[Keyserver ] :: [keyserver.kjsl.com]
encrypted/signed plain text preferred
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
-----END PGP SIGNATURE-----
email@example.com mailing list