I wrote:
In particular, you can't really spoof IP addresses on SSH
sessions. The
server needs to be able to get packets back to the (possibly attacking)
client, which means the client's IP address must be routable.
Joel wrote:
Okay, educate me. Why is a spoofed IP address known to be not
routable?
Yes, I over-simplified this. I should have said routable back to the
client. Imagine you're sitting in Power Cable, Nebraska, attacking a
computer in Nether Wallop, UK, and spoofing a computer in
Henley-on-Todd, Australia. You send a packet to the UK, which replies to
it. But it sends the reply to Australia: you never see it.
But you need to see data from that packet to be able to continue the
connection.
Hope this helps,
James.
--
E-mail address: james | A woodpigeon would, If a woodpigeon could,
@westexe.demon.co.uk | But a woodpigeon can't, So it won't.
| A woodpigeon could, If a woodpigeon would,
| But a woodpigeon doesn't want to. So it doesn't.