On Wed, Jun 17, 2009 at 4:45 PM, Ian Hickson<[email protected]> wrote: > That's news to me. As far as I can tell short of a man-in-the-middle > attack it would take a phenomenal combination of a brute-force attack on > the sequence numbers and a simultaneous DOS of the spoofee's network > connection. > > In practice these systems exist, and IP spoofing HTTP traffic is, as Adam > put it, at least "moderately difficult". What you describe would change it > from "moderately difficult" to "trivial".
I don't know of any IP spoofing attacks that aren't public. I wouldn't trust the confientiality of my email to IP-based authentication, but I would trust the confientiality of my grocery list to it. Adam
