30 Oct
2001
30 Oct
'01
13:45
Thats why i was wondering how you can detect spoofing hosts. Don't they show up in your logs? I know NT detects when another machine
I'm a Unix security newbie and missed the start of this thread. But I like what you say and am interested in any responses. tries to use the same IP - I guess Linux would too?
And why can spoofing be so dangerous, i couldn´t think of an good example. Many daemons rely on IP address authentication, look at tcpd, Apache even NFS and NIS.
If I can pretend to be your NIS master then I can gain access to your machine. If I pretend to be an NFS client I can view (and possible write to) NFS exports. -- Simon Oliver