-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
bruce wrote:
| question.. is there a way for me, as the person running a server, able to | determine the actual ip address of the client that i'm talking to. or is it | seriously easy for a client (man in the middle) to spoof the ip address. in | which case you can never be completely sure as to who you're talking to...
It's not generally possible to really spoof your IP address on a TCP/IP connection, where that means you appear to be coming from 123.123.123.123 when you are at 4.4.4.4, and you have no contact or control over 123.123.123.123. (Google "three way handshake" for the reason why).
What is certainly possible (even easy) is to proxy through another machine... in the case above if you did control 123.123.123.123, the guy at 4.4.4.4 could proxy through it and appear in your logs as being at 123.123.123.123.
- -Andy -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFCpbf5jKeDCxMJCTIRAmzTAJwKh3Wn8ZHXxAoNZBw46g+PsvFp0QCdHru8 k/oJ6TQZvsbvpDgwu48F4ow= =8McU -----END PGP SIGNATURE-----
