From: Wolfgang S. Rupprecht > 2) Forging the source IP in a TCP packet and succeeding in negotiating > the 3-way handshake isn't all that simple any more. I wouldn't > worry about it. If someone could forge that reliably, there is > much better game to go after (like breaking into machines that > still use IP addresses for authorization.) Someone spoofing an IP > so that you mistakenly block an innocent party is pretty much > wasting a good trick.
Is it possible at all? You spoof your address to appear as my ISP for the source address of a TCP connection. You send a SYN packet seeming to appear from the ISP. I send SYN+ACK back to that ISP address. ISP drops it because that address never sent SYN in first place. You never get anything back, neither do I, and no TCP handshake occurs. Or does this involve a much more sophisticated attack than I'm imagining? DS
