Talk:IP address spoofing
29 May 2003: I have touched this entry up a bit, but all in all it's not too bad. Tarquin's comments about root exploits and whatnot are valid, but the entry never mentions this as possible. I've filled it out with references to SYN flooding and smurf attacks (which both spoof source addresses).
I'm not sure if this entry should go on to talk about things like man-in-the-middle attacks, IPsec and key exchange and possibly how spam uses spoofed from addresses.... Idcmp
- A lot of people believe spoofing is simply the process of the hiding of the origin of an email. This section should be included. Perhaps it should be an article by itself to explain just what email spoofing is. It would benefit people who can direct traffic to this one 'email spoofing' page when they wish to explain to someone that "no, I didn't just send you a virus, a virus did" 184.108.40.206 18:35, 18 August 2005 (UTC)
Very inaccurate article.
IP-spoofing cannot lead to root-access on the system, unless the system is majorly misconfigured. This misconfiguration is not due to the fact that it is possible to spoof IP-addresses.
Spoofing is possible without getting the reply-packets, but if it is spoofed TCP-packets, the spoofed host would send RST packets back, indicating that the connection should be torn down by the receiving side -- thus ending the connection even before a three-way handshake is completed.
I could always edit it, but I would probably erase most of what is presented in it, and rewrite it from scratch. The 'notes' are second to worthless in their present state.
Spoofing TCP successfully might be possible if you can predict the TCP packet sequence numbers - if I remember correctly, that is what Kevin Mitnick is supposed to have done. And if you are spoofing from the same LAN, it will be much easier - since you can see the real sequence numbers.
But the article sucks, and I am not sure what the reference to the Federal Standards has to do with it. I might do a re-write when I have the time. -- Michael
IP spoofing can be used for hiding real identity in UDP-based protocols. For example, peer A sends a request to peer B (proxy), B forwards the packet to C, C sends the response directly to A, but spoofs the IP address. A does not see the real IP address of C. If C spoofs the IP address of B, A will see only one IP address - B. Rodi
A log on node B can prove that there is something more interesting going on than a simple data exchange between A and B. C can also ask B to forward packets to more than one destination. B/C will improve security by delaying responses and pretending that there are more bouncers (more nodes of B type) in the network.
Another application of IP address spoofing and IP Port spoofing is avoiding some types of DDoS attacks.
I think that the sections named 'Data compression' and 'Satellite Internet access' should be deleted because they have nothing to do with IP address spoofing. 220.127.116.11 04:05, 16 March 2007 (UTC)