Re: [Exim] Relay

Page principale
Ce message fait partie du fil suivant :
MArborescence complète du fil triée par date
MRuth Ivimey-Cook à <-
M 
Supprimer ce message
Répondre à ce message
Auteur: Tor Slettnes
Date:  
À: Ruth Ivimey-Cook
CC: Exim-users list
Sujet: Re: [Exim] Relay
On Apr 9, 2004, at 10:10, Ruth Ivimey-Cook wrote:
> [...allowing relay from a set of IP addresses...]
> there is still a chance of spoofing (the
> sender IP address in an IP packet is _not_ necessarily truly the IP
> address
> of the sender).

Unless the spoofer is your upstream provider (man in the middle), it
will not be possible to establish a 2-way TCP stream by doing such
spoofing.

Spoofing is really only useful if you want to perform a DoS, and hide
your own IP address.
For instance:
# nmap -D 1.2.3.4,1.2.3.5,1.2.3.6,1.2.3.7 victimhost

However, you will not receive any "response" from the target, and so
you will not be able to establish a 2-way communication.[*]

[*] If you _know_ the composition of each TCP packet you'll receive in
return in advance, and the target host is one where TCP "sequence
number prediction" is trivial, then you can "simulate" a full
connection from a spoofed address. This is much, much, harder to do
though -- far beyond the technical skills of today's generation of
spammers.

-tor



Ce message a été envoyé sur les listes de diffusion suivantes :
Exim-users
Informations sur la liste de diffusion | Messages voisins		<-[Exim] exim 4.30 build errors in MySQLRe: [Exim] exim 4.30 build errors in MySQL->
Tahini and Hummus and Cumin Development Archives administré par cumin AdminsLurker (version 2.3)