tcp/routing question...

bruce bedouglas at earthlink.net
Tue Jun 7 15:18:48 UTC 2005


are you sure about this...??

here's my question...
 client (a)  --->>>> bank server (b)
 client (a)  <<<---  bank server (b)

if server b gets the data/information from 'a', server 'b should get ip
address 1.2.3.4, which is the real ip address of client 'a'.

is there away for a mitm server, to get in the middle, manipulate the data
from 'a' to 'b', send the data to 'b' and spoof the ip address to look as
though the data came from 'a'..

-bruce


-----Original Message-----
From: fedora-list-bounces at redhat.com
[mailto:fedora-list-bounces at redhat.com]On Behalf Of Andy Green
Sent: Tuesday, June 07, 2005 8:07 AM
To: For users of Fedora Core releases
Subject: Re: tcp/routing question...


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

bruce wrote:

| question.. is there a way for me, as the person running a server, able to
| determine the actual ip address of the client that i'm talking to. or
is it
| seriously easy for a client (man in the middle) to spoof the ip
address. in
| which case you can never be completely sure as to who you're talking to...

It's not generally possible to really spoof your IP address on a TCP/IP
connection, where that means you appear to be coming from
123.123.123.123 when you are at 4.4.4.4, and you have no contact or
control over 123.123.123.123.  (Google "three way handshake" for the
reason why).

What is certainly possible (even easy) is to proxy through another
machine... in the case above if you did control 123.123.123.123, the guy
at 4.4.4.4 could proxy through it and appear in your logs as being at
123.123.123.123.

- -Andy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFCpbf5jKeDCxMJCTIRAmzTAJwKh3Wn8ZHXxAoNZBw46g+PsvFp0QCdHru8
k/oJ6TQZvsbvpDgwu48F4ow=
=8McU
-----END PGP SIGNATURE-----

--
fedora-list mailing list
fedora-list at redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list




More information about the fedora-list mailing list