> How does spoofing work?
>
> If I change the source address of my outbound packet,
> how do I get the response? How does it get back to me?
>
> -- Dee
Simply put... it doesn't get back to you.
Spoofing usually is used with ICMP instead of TCP. ICMP doesn't require any
acknowledgement to perform its function. That's why it's used in many DoS
attacks, where the victim replies to packets with a spoofed address, but replies
TO the spoofed address, flooding both the victim and the spoofed IP.
It gets more complicated when you consider that with enough packets sent to
a machine, you can predict its acknowledgement # in certain cases, so you
can spoof an address, and when you watch the spoofed address when connecting
to it again, by checking its ack number, you can (in some cases) guess if
the connection was successful or not. That technique is used in some port
scanners to be able to anonymously scan a host, by using a spoofed address.
-Alain Gagnon
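
The two points in the reply above, as a toy in-memory simulation (an added example, not part of the original message; it sends no network traffic): a reply goes to whatever address is in the source field, and a host that numbers its packets from one shared counter reveals how many packets it sent in between. The `Host`/`Net` model, the host names `observer`, `idle` and `target`, the starting value 1000 and the per-peer counter shown as the countermeasure are all assumptions of this sketch.

```python
from collections import defaultdict

class Host:
    def __init__(self, name, open_ports=(), per_peer=False):
        self.name, self.open_ports = name, set(open_ports)
        self.per_peer = per_peer                    # True: one counter per peer
        self.counters = defaultdict(lambda: 1000)   # constructed starting value
        self.inbox = []                             # (claimed source, kind, stamp)

    def stamp(self, peer):
        # Number carried by every packet this host sends.
        key = peer if self.per_peer else "*"
        self.counters[key] += 1
        return self.counters[key]

class Net:
    def __init__(self, *hosts):
        self.hosts = {h.name: h for h in hosts}

    def send(self, claimed_src, dst, kind, port=None, stamp=None):
        # Delivery looks only at dst; any reply goes to claimed_src,
        # which is whatever the sender wrote in the source field.
        host = self.hosts[dst]
        host.inbox.append((claimed_src, kind, stamp))
        if kind == "connect":
            reply = "accept" if port in host.open_ports else "refuse"
            self.send(dst, claimed_src, reply, stamp=host.stamp(claimed_src))
        elif kind in ("accept", "probe"):
            # An accept nobody asked for, or a direct probe, gets a reset.
            self.send(dst, claimed_src, "reset", stamp=host.stamp(claimed_src))

def build(per_peer=False):
    return Net(Host("observer"), Host("idle", per_peer=per_peer),
               Host("target", open_ports={80}))

def observed_delta(net, port):
    """Growth of idle's number, seen by observer, across one spoofed connect."""
    def probe():
        net.send("observer", "idle", "probe")
        return net.hosts["observer"].inbox[-1][2]
    before = probe()
    net.send("idle", "target", "connect", port=port)   # source field names idle
    return probe() - before

if __name__ == "__main__":
    for per_peer in (False, True):
        net = build(per_peer)
        print(per_peer, observed_delta(net, 80), observed_delta(net, 81))
        print(" observer heard from:", {s for s, _, _ in net.hosts["observer"].inbox})
```

With the shared counter the observer sees a different increase for the open and the closed port even though the target never sends it a packet; with per-peer counters the increase is the same in both cases, so nothing is learned.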