I wrote:
> In particular, you can't really spoof IP addresses on SSH sessions. The
> server needs to be able to get packets back to the (possibly attacking)
> client, which means the client's IP address must be routable.

Joel wrote:
> Okay, educate me. Why is a spoofed IP address known to be not routable?

Yes, I over-simplified this. I should have said routable back to the client.

Imagine you're sitting in Power Cable, Nebraska, attacking a computer in Nether Wallop, UK, and spoofing a computer in Henley-on-Todd, Australia. You send a packet to the UK, which replies to it. But it sends the reply to Australia: you never see it. But you need to see data from that packet to be able to continue the connection.

Hope this helps,
James.

--
E-mail address: james | A woodpigeon would, If a woodpigeon could,
@westexe.demon.co.uk  | But a woodpigeon can't, So it won't.
                      | A woodpigeon could, If a woodpigeon would,
                      | But a woodpigeon doesn't want to. So it doesn't.
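
The situation described in the message above, as an added example that is not part of the original e-mail: a toy Python model of the TCP three-way handshake that SSH runs over. The class and function names are hypothetical, the host labels stand in for the three locations in the message, and the model assumes the server picks an unpredictable 32-bit initial sequence number (ISN).

```python
import secrets

MOD = 2**32  # TCP sequence numbers are 32-bit

class Network:
    """Delivers each packet to the address written in it, nothing more."""
    def __init__(self):
        self.inbox = {}  # host label -> packets that actually arrived there

    def deliver(self, dst, packet):
        self.inbox.setdefault(dst, []).append(packet)

class Server:
    """Toy listener (hypothetical): tracks handshakes by claimed source."""
    def __init__(self, network):
        self.network = network
        self.half_open = {}       # claimed source -> server ISN awaiting ACK
        self.established = set()

    def on_syn(self, claimed_src, client_isn):
        server_isn = secrets.randbits(32)  # assumption: unpredictable ISN
        self.half_open[claimed_src] = server_isn
        # The reply goes to the claimed address, not to whoever sent the SYN.
        self.network.deliver(claimed_src, ("SYN-ACK", server_isn, (client_isn + 1) % MOD))

    def on_ack(self, claimed_src, ack):
        expected = self.half_open.get(claimed_src)
        if expected is None or ack != (expected + 1) % MOD:
            return False          # wrong or unknown ACK: stays half-open
        del self.half_open[claimed_src]
        self.established.add(claimed_src)
        return True

def handshake(server, network, real_host, claimed_src):
    """A host located at real_host opens a connection as claimed_src."""
    server.on_syn(claimed_src, secrets.randbits(32))
    seen = network.inbox.get(real_host, [])  # only packets routed to us
    if seen:
        _, server_isn, _ = seen.pop()
        ack = (server_isn + 1) % MOD
    else:
        ack = secrets.randbits(32)  # SYN-ACK went elsewhere: blind guess
    return server.on_ack(claimed_src, ack)

if __name__ == "__main__":
    net = Network()
    srv = Server(net)
    print("honest:", handshake(srv, net, "nebraska", "nebraska"))
    print("spoofed:", handshake(srv, net, "nebraska", "australia"))
```

In the spoofed run the SYN-ACK lands in the inbox of the claimed host, so the connection never leaves the half-open state on the server.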