Re: [Exim] Relay

Página Inicial
Delete this message
Reply to this message
Autor: Tor Slettnes
Data:  
Para: Ruth Ivimey-Cook
CC: Exim-users list
Assunto: Re: [Exim] Relay
On Apr 9, 2004, at 10:10, Ruth Ivimey-Cook wrote:
> [...allowing relay from a set of IP addresses...]
> there is still a chance of spoofing (the
> sender IP address in an IP packet is _not_ necessarily truly the IP
> address
> of the sender).


Unless the spoofer is your upstream provider (man in the middle), it
will not be possible to establish a 2-way TCP stream by doing such
spoofing.

Spoofing is really only useful if you want to perform a DoS, and hide
your own IP address.
For instance:
# nmap -D 1.2.3.4,1.2.3.5,1.2.3.6,1.2.3.7 victimhost

However, you will not receive any "response" from the target, and so
you will not be able to establish a 2-way communication.[*]

[*] If you _know_ the composition of each TCP packet you'll receive in
return in advance, and the target host is one where TCP "sequence
number prediction" is trivial, then you can "simulate" a full
connection from a spoofed address. This is much, much, harder to do
though -- far beyond the technical skills of today's generation of
spammers.

-tor