Hello Bryan,

Friday, September 5, 2003, 4:19:01 PM, you wrote:

BP> Based on the headers I have seen on two of the virus messages,
BP> both forwarded by someone on the list, I haven't seen it spoof any
BP> IP addresses, only the From line.

I probably agree, but still have that nagging question about the router route caching. If that does really work, then they could spoof the IP also.

BP> Well, I could probably send you a message that would render me
BP> completely anonymous, relayed through 3 or four foreign proxy
BP> servers chained together with only the last one showing up on the
BP> smtp headers. There is software available in both windows and
BP> Linux that allows that and I do have it.

Yes, I'm familiar with that and also use it. That is not what I mean, though.

BP> I could try to spoof a totally different IP from my ISP's network
BP> by installing a second ethernet card and creating a second
BP> interface for that one and setting the IP locally and maybe even
BP> route through an open proxy on that one to deliver a spoofed IP,
BP> but I am thinking that the net range would still be detectable
BP> since the traffic has to go both ways and I have no way to hijack
BP> the DNS, although I have seen this done.

The scenario I am thinking of would be that you initiate the request, involving a DNS for, say, my computer (you can do this on the first, legitimate card if necessary). Once you get my IP, then you can send the email to me. My ISP would reply. Here's the sticking point. Would the reply simply follow the reverse path already established from you to me, or would the reply follow an entirely different route back to you? If the former, then you have essentially spoofed an IP address in your email to me.

BP> that would be violating several US as well as international laws,
BP> so I wouldn't really do that unless I had the sysadmin's
BP> permission.

Ah, yes, I guess there are legal problems in trying the experiment I was proposing.

BP> And, I could send a message with fake header lines inserted to try to mask my
BP> actual origin,

True - this is not what I mean.

BP> there are still ways to trace the origin provided you want to
BP> follow it enough and get local administrators to help.

Also, I bet the FBI can do wonders. :-)

BP> I still don't think that a virus is intelligent enough to do any of these
BP> things, though.

If my router route caching idea really works, it doesn't need much intelligence to do it. Viruses already fake headers, including 'originator' ones that look like they're below the 'real' one, use open proxies, chains of forwarders, etc.

--
rikona mailto:[EMAIL PROTECTED]
