Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!decwrl!ucbvax!MCC.COM!AI.CLIVE
From: AI.CLIVE@MCC.COM (Clive Dawson)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Security and Access Restrictions
Message-ID: <12347511851.23.AI.CLIVE@MCC.COM>
Date: Mon, 2-Nov-87 19:28:22 EST
Article-I.D.: MCC.12347511851.23.AI.CLIVE
Posted: Mon Nov  2 19:28:22 1987
Date-Received: Sat, 7-Nov-87 10:24:30 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 15


	If you have a serious interest in security then simply checking the
	IP addresses is not adequate because it is very easy to spoof IP
	addresses.

Is it really THAT easy to spoof IP addresses?  I agree that it's easy
for me to put a bogus IP address on an outbound packet.  But how do
I get the remote host to send packets back to me instead of to the
host I'm spoofing?   Perhaps an improvement to the described
security mechanism would be to match the various addresses appearing
in the packet (IP header, TCP or UDP header, etc.) to see if there
are disagreements.

Clive
-------