Ethereal-users: RE: [Ethereal-users] Spoofed packets...

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Jeff Parker <jparker@xxxxxxxxxxxx>
Date: Mon, 10 Sep 2001 09:47:06 -0400
> ...if someone is scanning a machine using spoofing
> you get the wrong address(of course that's the point) so you 
> can't use it as a reliable ip for traceroute.  But the 
> originating ip must be listed somewhere in the syn packet 

It is quite easy to put a packet out with the wrong 
IP information.  With a bit more access to the Ethernet
driver, it is quite easy to put an arbitrary hardware
source address.  Putting this into a forceful DOS attack
is described in a number of places.

Packets are no harder to forge than business cards.  

- jeff parker
- axiowave networks