-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
bruce wrote: | are you sure about this...?? | | here's my question... | client (a) --->>>> bank server (b) | client (a) <<<--- bank server (b) | | if server b gets the data/information from 'a', server 'b should get ip | address 1.2.3.4, which is the real ip address of client 'a'. | | is there away for a mitm server, to get in the middle, manipulate the data | from 'a' to 'b', send the data to 'b' and spoof the ip address to look as | though the data came from 'a'..
Google "three way handshake". If the MITM machine pretends to be 1.2.3.4, then the bank server is going to address its replies to 1.2.3.4 and not the MITM machine.
- -Andy -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFCpbtVjKeDCxMJCTIRAiNJAJ9AMeOAHbicElNSOMdE2zkbX66CxwCeJN/D GKCKfLYL/bjbiJ1cZdDBPgQ= =NqAW -----END PGP SIGNATURE-----