On Mon, 27 Aug 2001, Q u a s i wrote:
At 03:06 PM 8/26/01 +0530, Philip wrote:
udp has no source address, so although tcpd will work, there's no way it can do source ip based filtering.
How does one respond to the UDP message (if you want to) then? UDP does not do handshakes and connection establishment but I think it has source address. In fact, is there any packet without source
Ya, sorry, my bad. UDP does have a source address, because that's in the IP header. UDP however does not estabilish a connection, so there's just a single packet sent at a time.
_spoofed_ source IP's. But I also hear that newer Routers can be configured not to forward (outgoing) packets if their source IP's do not belong to their subnet.
One can also do a reverse lookup on the host to find out if the IP was spoofed or not. It is possible to spoof this too, but much much harder than just spoofing IPs. Remember, IP spoofing requires a very large amount of guesswork. Spoofing a reverse look up as well increases hardness exponentially.
Philip