Autor: Tim Jackson Fecha: A: exim-users Asunto: Re: [Exim] accept hosts
Hi Ron, on Thu, 01 Jul 2004 15:05:13 +0100 you wrote:
> If you have
> hostlist relay_from_hosts = "999.888.0.0/16
> Then is it possible for a connecting host to fake a 999.888 address.
Setting aside the implausibility of IPv4 address fragments that are
greater than 255 and assuming you mean "any arbitrary address block", the
answer is not without a great deal of difficulty, unless your OS has a
very weak TCP/IP stack (which is fairly unlikely given the OSes normally
used to run Exim). TCP connections (such as used by SMTP) are fairly
difficult to spoof to any degree of usefulness. Sure, anyone can send a
packet with an arbitrary faked source IP address (subject to filtering
along the way), but to do the relevant handshaking and establishing
meaningful two-way communication with a TCP-based protocol is difficult at
best unless the "attacker" is in a position to be able to *receive* (as
well as send) packets to the spoofed address.