spf-discuss

RE: Can the SPF technique be used to stop IP address spoofing?

2004-11-23 06:05:49
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of David 
Woodhouse
Sent: Tuesday 23 November 2004 11:37
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Can the SPF technique be used to stop
IP address spoofing?

I've just had a great idea. IP spoofing can be a big problem -- it can
be used to poison DNS caches and hijack TCP sessions,

Hijack TCP sessions??

IP is basically a routing wrapper for layer 4, which contains the
Transmission Control Protocol (TCP). Participants in a TCP session must
first build a connection, via the 3-way handshake (SYN-SYN/ACK-ACK), then
update one another on progress, via sequences and acknowledgements. Within
the established connection, "sequence prediction" is almost impossible. In
the old days, it was relatively easy to discover the exact formula by
studying packets and TCP sessions. Today, most OS-es implement random
sequence number generation, making it extremely difficult to predict them
accurately.

Hence, TCP/IP spoofing, within an established connection, though perhaps
theoretically a possibility, is close to impossible. If it were possible,
do you not think every spammer would use it? Believe me, if spammers had
devised such an apparatus that could successfully spoof established TCP/IP
connections, they would be sitting on something worth a lot more than
their stupid spam!

- Mark 
 
        System Administrator Asarian-host.org
 
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
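
Added example, not part of the original message: a Python sketch of the point made above about sequence numbers, contrasting a fixed-step ISN counter with a keyed generator in the style of RFC 6528, and showing the receiver-side window check that a blindly guessed segment has to pass. The step size, addresses, ports, secret and the HMAC-SHA256 choice for F are assumptions made for illustration.

```python
import hashlib
import hmac
import time

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def isn_counter(conn_index, step=64000):
    """Old-style generator: the ISN grows by a fixed step per connection.
    The step value is a constructed sample, not taken from the message."""
    return (conn_index * step) % MOD


def isn_keyed(secret, src, sport, dst, dport, now=None):
    """RFC 6528 style: ISN = M + F(4-tuple, secret), M being a 4-microsecond clock.
    HMAC-SHA256 truncated to 32 bits stands in for F (an assumption)."""
    now = time.time() if now is None else now
    m = int(now * 250_000) % MOD
    msg = f"{src}:{sport}>{dst}:{dport}".encode()
    f = int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:4], "big")
    return (m + f) % MOD


def in_window(seq, rcv_nxt, rcv_wnd):
    """Receiver check: is seq inside [rcv_nxt, rcv_nxt + rcv_wnd), modulo 2^32?"""
    return (seq - rcv_nxt) % MOD < rcv_wnd


def blind_accept_probability(rcv_wnd):
    """Chance that one uniformly guessed sequence number lands in the window."""
    return rcv_wnd / MOD


def observer_can_extrapolate(samples):
    """True when successive ISNs differ by one constant, so the next is obvious."""
    deltas = {(b - a) % MOD for a, b in zip(samples, samples[1:])}
    return len(deltas) == 1


if __name__ == "__main__":
    secret = b"constructed-secret"  # constructed sample key
    old = [isn_counter(i) for i in range(5)]
    new = [isn_keyed(secret, "192.0.2.1", 40000 + i, "198.51.100.2", 25, now=1000.0)
           for i in range(5)]
    print("counter ISNs extrapolate:", observer_can_extrapolate(old))
    print("keyed ISNs extrapolate:  ", observer_can_extrapolate(new))
    print("blind hit chance, 64 KiB window:", blind_accept_probability(65536))
```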