Mailing List SIMS@mail.stalker.com Message #15526
From: Bill Cole <listbill@scconsult.com>
Subject: Re: dictionary
Date: Wed, 15 Aug 2007 23:03:54 -0400
To: SIMS Discussions <SIMS@mail.stalker.com>
At 10:12 AM -0700 8/15/07, Joe Wagner imposed structure on a stream of electrons, yielding:
On 8/15/2007, Bill Cole <listbill@scconsult.com>
IP spoofing for SMTP or any other chatting protocol over TCP is effectively impossible in the wild. The legends about IP spoofing date to the early 90's and are grounded in very narrow facts.

I thought I recall hearing about a spammer who, with the cooperation of his ISP, would send out spam via high-capacity lines with spoofed IPs pointing back to dial-up lines that the spammer was also listening on, allowing him to close the communication loop -- and effectively making it look like his spam came from dial-up accounts that were sending a T-1's worth of upstream spam.

Now, I only heard of that report as a historical reference and contemporaneous news report, so was that in fact an e-urban legend?


That was a real strategy circa 2000, but there's no spoofing involved there. The spammer was the legitimate(ish) holder of the IPs he was using. It is also unclear that the ISPs involved were actively cooperating. At the time (and I believe still to this day) most ISPs never bother looking at the packets coming from their customers to assure that they carry source IP addresses given to them by that provider.

There are actually legitimate uses for that class of asymmetrical routing. For example, it is useful in reducing satellite latency problems to have a modest land line over which otherwise empty ACK packets are sent, with a source IP that is routed from the world at large over the high-bandwidth but high-latency satellite link.


--
Bill Cole                                  bill@scconsult.com
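
Added example, not part of the message above or of any SIMS code: a sketch of the per-customer source-address check (ingress filtering, BCP 38) that the message says most ISPs did not perform, with an exception list for legitimately asymmetric sources such as the satellite case. The port names, prefixes (documentation ranges) and packets are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample data. Prefixes the provider assigned to each customer port.
ASSIGNED = {
    "dialup-7": ["192.0.2.16/28"],
    "t1-3": ["198.51.100.0/24"],
}
# Prefixes a customer holds through another provider and has registered here,
# e.g. satellite-downlink addresses used as the source of land-line ACKs.
REGISTERED = {
    "dialup-7": ["203.0.113.0/25"],
}

def _contains(prefixes, addr):
    return any(addr in ipaddress.ip_network(p) for p in prefixes)

def check_source(port, src):
    """Classify one packet by the customer port it arrived on and its source IP."""
    addr = ipaddress.ip_address(src)
    if _contains(ASSIGNED.get(port, []), addr):
        return "pass-assigned"
    if _contains(REGISTERED.get(port, []), addr):
        return "pass-registered"
    return "drop"

def audit(packets):
    """Count dropped packets per (port, source) so repeat offenders stand out."""
    drops = Counter()
    for port, src in packets:
        if check_source(port, src) == "drop":
            drops[(port, src)] += 1
    return drops

# Constructed traffic: (ingress port, source address)
PACKETS = [
    ("dialup-7", "192.0.2.20"),    # assigned dial-up address
    ("dialup-7", "203.0.113.9"),   # registered asymmetric source
    ("t1-3", "198.51.100.77"),     # assigned T-1 address
    ("t1-3", "192.0.2.20"),        # dial-up source arriving on the T-1 port
    ("t1-3", "192.0.2.20"),
    ("t1-3", "10.1.2.3"),          # private source, never assigned
]

if __name__ == "__main__":
    for (port, src), n in sorted(audit(PACKETS).items()):
        print(f"{port}: dropped {n} packet(s) with source {src}")
```

With this check in place, the high-capacity line carrying dial-up source addresses is dropped unless the customer has registered those addresses on that port, while the registered satellite-style source still passes.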
