1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
William Kenworthy wrote: |
5 |
> Can anyone comment whether IP spoofing (for hiding country of origin) is |
6 |
> common? Seems quite unlikely - at least at the current state of things. |
7 |
> Is it even possible to tell (at the firewall interface?) |
8 |
> |
9 |
> BillK |
10 |
|
11 |
I think that for hiding country of origin by IP spoofing is quite useless, at |
12 |
least on the Internet (It might work on a single subnet, or if you pretend to be |
13 |
another IP in your subnet, and then switches complicate it as well...) |
14 |
|
15 |
AFAIK, you can't actually connect to a server with a spoofed IP, since the |
16 |
server will send the reply packets to the spoofed IP, which will either drop |
17 |
them or tell the server it doesn't want them. |
18 |
|
19 |
Spoofed IPs are only good if you want to flood a server with them and not have |
20 |
the admin know where they came from (not easily, anyway). |
21 |
|
22 |
However, firewalls that automatically blacklist IPs that do weird things can be |
23 |
exploited. Lets say you have connection rate limiting on your SSH port. I can |
24 |
send your firewall spoofed packets that contain your IP, have it rate limit my |
25 |
spoofed packets. |
26 |
|
27 |
And then you can't connect. Not good... |
28 |
|
29 |
Anyway, about hiding country of origin - its usually done using proxies. There |
30 |
are many open proxies out there... |
31 |
|
32 |
- -- |
33 |
[Name ] :: [Matan I. Peled ] |
34 |
[Location ] :: [Israel ] |
35 |
[Public Key] :: [0xD6F42CA5 ] |
36 |
[Keyserver ] :: [keyserver.kjsl.com] |
37 |
encrypted/signed plain text preferred |
38 |
|
39 |
-----BEGIN PGP SIGNATURE----- |
40 |
Version: GnuPG v1.4.1 (GNU/Linux) |
41 |
|
42 |
iD8DBQFDRPpJA7Qvptb0LKURAsdQAKCDM4797OODEaG4oZrh6ngY4MqU9wCfTJ/r |
43 |
pgkv/3N54kfgGt7HqXvki7E= |
44 |
=m21U |
45 |
-----END PGP SIGNATURE----- |
46 |
-- |
47 |
gentoo-security@g.o mailing list |