Hello Derek, Thursday, September 4, 2003, 10:03:13 PM, you wrote:
>> If the virus sets up a stack that is *completely* independent, >> could it use a different, spoofed IP address? Say, for example, one >> that was in the headers of the infected machine email files - real, >> verifiable, but not the address from which it was actually sent. >> [66.32.127.184] >> DJ> Yes it could send IP packets with a false IP address in them, but DJ> then the IP acknowlege packets being returned will go to the DJ> wrong place and any Level 3 protocol such as SMTP will fail I realize a new access would require a lookup. But, would the already-established route be retained for a short time, and thus go back to the faked originator, or does each intermediate router look up a brand new route for every packet sent/received? The latter process doesn't seem very efficient. I would think the route might be cached for a while, at least - but I don't know the guts of these things. -- rikona mailto:[EMAIL PROTECTED]
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
