On Monday 08 July 2002 12:49 am, Ed Street wrote: > Hello, > > This is most commonly seen in spam mail.
I most commonly see it in port scans, and probes for http / sql holes. Spam mail may contain misleading headers (until you get to learn where to stop reading the machine names, and realise that the headers have been rigged from that point on), but they can't disguise the real IP address of the relay machine which fed the mail into the smtp chain... Antony. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Antony Stone > Sent: Sunday, July 07, 2002 7:44 PM > To: [EMAIL PROTECTED] > Subject: Re: hosts.deny > > On Monday 08 July 2002 12:36 am, George Vieira wrote: > > spoofed as in local IP coming in from the internet.. > > I call that ingress filtering. > > I regard spoofing as an incoming connection with a plausible but false > source > address, typically used on Denial of Service attacks, either to disguise > the > true source of the attack, and/or to cause an active IDS to block access > to > networks you really don't want to block. > > > > Antony.
