Re: [Exim] Relay

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MRuth Ivimey-Cook at <-
M 
Delete this message
Reply to this message
Author: Tor Slettnes
Date:  
To: Ruth Ivimey-Cook
CC: Exim-users list
Subject: Re: [Exim] Relay
On Apr 9, 2004, at 10:10, Ruth Ivimey-Cook wrote:
> [...allowing relay from a set of IP addresses...]
> there is still a chance of spoofing (the
> sender IP address in an IP packet is _not_ necessarily truly the IP
> address
> of the sender).

Unless the spoofer is your upstream provider (man in the middle), it
will not be possible to establish a 2-way TCP stream by doing such
spoofing.

Spoofing is really only useful if you want to perform a DoS, and hide
your own IP address.
For instance:
# nmap -D 1.2.3.4,1.2.3.5,1.2.3.6,1.2.3.7 victimhost

However, you will not receive any "response" from the target, and so
you will not be able to establish a 2-way communication.[*]

[*] If you _know_ the composition of each TCP packet you'll receive in
return in advance, and the target host is one where TCP "sequence
number prediction" is trivial, then you can "simulate" a full
connection from a spoofed address. This is much, much, harder to do
though -- far beyond the technical skills of today's generation of
spammers.

-tor



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[Exim] exim 4.30 build errors in MySQLRe: [Exim] exim 4.30 build errors in MySQL->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)