tcp/routing question...
Lai Zit Seng
lzs at pobox.com
Tue Jun 7 15:05:04 UTC 2005
On Tue, 7 Jun 2005, bruce wrote:
> question.. is there a way for me, as the person running a server, able to
> determine the actual ip address of the client that i'm talking to. or is it
> seriously easy for a client (man in the middle) to spoof the ip address. in
> which case you can never be completely sure as to who you're talking to...
You will know reliably the ip address of the remote end of an established
tcp connection to your server.
But your context is that this could be a MITM attacker, so you want to
know who really is behind.
In practice, you can't determine that. A client that has been proxied to
your server is completely transparent... you just know you're talking to
the proxy. (Of course in the case of a web proxy, the proxy server often
injects extra info into the HTTP headers so you might be able to tell, but
that's beside the point.)
Think about even in the case of a NAT'ed client. You know only the public
IP. You wouldn't ever see the IP addresses behind the NAT gateway.
--
http://zitseng.com/
More information about the fedora-list
mailing list