20030: Re: [MUD-Dev] Grief players with ip/dns spoofers
From: J C Lawrence <claw@2wire.com>
Newsgroups: nu.kanga.list.mud-dev
Date: Fri, 13 Jul 2001 15:32:54 -0700
Organization: Kanga.Nu
On Thu, 12 Jul 2001 22:08:33 -0700
Sean Kelly <sean@ffwd.cx> wrote:
> From: "Tand'a-ur" <tandaur@ix.netcom.com>
>> Hi, long time lurker here...
<bow>
>> and I've just about had it with a few troublemakers that like to
>> frequent my MUD. Banning doesn't work because they have IP
>> spoofers and will just come back with another made-up IP. I was
>> wondering if there is a way to detect a phony IP and just flat
>> out deny connections to them.
> Unless I'm misinformed, there is no way to maintain an interactive
> session with a spoofed IP.
As you allude later (I'm just adding specifics), the standard way is
to bounce the connection through an unsecured SOCKS proxy (e.g. one of
the many thousands of broken WinGate boxes out there) and from there
to the target system. If the cracker is especially paranoid he may
bounce through a series of such SOCKS redirectors, thus retaining the
ability to build full TCP sessions.
> What happens is that the response packets go to whatever that IP
> is and not back to the originator.
Not if one of the routers between your server and them has been
compromised to rewrite the packets to their real IP.
--
J C Lawrence ("`-''-/").___..--''"`-._
---------(*) `6_ 6 ) `-. ( ).`-.__.`)
claw@kanga.nu (_Y_.)' ._ ) `._ `. ``-..-'
http://www.kanga.nu/~claw/ _..`--'_..-_/ /--'_.' ,'
I never claimed I was human (il),-'' (li),' ((!.-'
_______________________________________________
MUD-Dev mailing list
MUD-Dev@kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev