9 Aug
2002
9 Aug
'02
08:05
<SNIP>
No, you don't. If you spoof the IP, you wouldn't be able to get past the TCP handshake. If you don't have a connection, you couldn't send a wrong password and so you're unable to lock him out.
It would be possible if you are in control of the public sites router, but not for everyone.
</SNIP> I agree that a "true" spoofing of TCP isnt trivial, BUT: What about SOCKS or HTTP proxies? Even the dumb takeover kiddies on IRC know how to "spoof" theyr IPs with proxies. What about ./ any shell provider box with a /16 subnet of IPs assigned? Oh woo. Someone I know usually telnets off some cisco routers... Just my two cents Chris