[MUD-Dev] Grief players with ip/dns spoofers

Robert Fleck rfleck at cigital.com
Mon Jul 23 13:34:28 New Zealand Standard Time 2001

> From: Greg Underwood [mailto:gunderwoodhsd at earthlink.net]
> At 10:08 PM 7/12/01 -0700, Sean Kelly wrote:
>> From: "Tand'a-ur" <tandaur at ix.netcom.com>
>>> Hi, long time lurker here, and I've just about had it with a few
>>> troublemakers that like to frequent my MUD.  Banning doesn't
>>> work because they have ip spoofers and will just come back with
>>> another made up ip. I was wondering if there is a way to detect
>>> a phony ip and just flat out deny connections to them.
>> Unless I'm misinformed, there is no way to maintain an
>> interactive session with a spoofed IP.  What happens is that the
>> response packets go to whatever that IP is and not back to the
>> originator.

> This is my understanding of it as well.  Any responses go back to
> the faked IP address.  All you can accomplish with an IP spoof is
> to ......

Well, in certain conditions you could do it successfully.  For
example if the ip you are spoofing is on the same segment as you, or
routed through your segment, you can see the responses...  This
works best if you have some way to ensure that the spoofed client
won't make any noise about the anomalous packets smashing into it.

There are other situations where it can happen too, but we are
talking serious protocol voodoo.

Check out Intravenous @ www.packetninja.net

Bob Fleck
<Tycho at Lost Souls>
MUD-Dev mailing list
MUD-Dev at kanga.nu

More information about the MUD-Dev mailing list