Can you 'fake' an IP address?

Alejandro Imass aimass-EzYyMjUkBrFWk0Htik3J/w at public.gmane.org
Tue Mar 13 17:57:13 UTC 2012


On Mon, Mar 12, 2012 at 10:59 AM, Mike Kallies <mike.kallies-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> On 12/03/2012 10:11 AM, Thomas Milne wrote:
>> This is a quote from an article about this Pierre Poutine business:
>>
>> "When he went back and analyzed the data on that server, he realized
[...]
> true, you can't forge an IP address.  But if you're poisoning a DNS
> server, or lobbing in a broadcast ping, although you need to guess the
> transaction ID, you don't need a reply packet... so forging an IP is
> useful in some circumstances.
>

Yeah, I am no expert but even in these cases you need to be the man in
the middle or at least in the same network segment. Most modern
switches will automatically detect and block ARP poisoning but there
are a lot which don't . Anyway as you say it is highly unlikely as the
perpetrator must be (a) on the same segment/mask, (b) the network
infrastructure be old/cheap/hub , (c) OR the perpetrator has control
over a router/gateway where the poisoning is most effective. Even for
sniffing you need to be quite proficient and basically useless outside
a specific network segment.

-- 
Alejandro  Imass

>
>
> -Mike
> --
> The Toronto Linux Users Group.      Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list