Author: Tor Slettnes Date: To: Ruth Ivimey-Cook CC: Exim-users list Subject: Re: [Exim] Relay
On Apr 9, 2004, at 10:10, Ruth Ivimey-Cook wrote: > [...allowing relay from a set of IP addresses...]
> there is still a chance of spoofing (the
> sender IP address in an IP packet is _not_ necessarily truly the IP
> address
> of the sender).
Unless the spoofer is your upstream provider (man in the middle), it
will not be possible to establish a 2-way TCP stream by doing such
spoofing.
Spoofing is really only useful if you want to perform a DoS, and hide
your own IP address.
For instance:
# nmap -D 1.2.3.4,1.2.3.5,1.2.3.6,1.2.3.7 victimhost
However, you will not receive any "response" from the target, and so
you will not be able to establish a 2-way communication.[*]
[*] If you _know_ the composition of each TCP packet you'll receive in
return in advance, and the target host is one where TCP "sequence
number prediction" is trivial, then you can "simulate" a full
connection from a spoofed address. This is much, much, harder to do
though -- far beyond the technical skills of today's generation of
spammers.