Date: Thu, 17 Feb 2005 11:51:52 +0000 (GMT)
From: Robert Watson <rwatson@FreeBSD.org>
To: Andrew Heyn <aheyn@jmsent.com>
Cc: freebsd-net@freebsd.org
Subject: Re: paranoia
Message-ID: <Pine.NEB.3.96L.1050217114811.38170B-100000@fledge.watson.org>
In-Reply-To: <CLELJKHKLJLNMNHGHFIDAECHCBAA.aheyn@jmsent.com>

On Wed, 16 Feb 2005, Andrew Heyn wrote:

> Here's an on/off topic question I've been wondering about forever...
>
> I always see people replace their IPs with fake replacements. Is this
> paranoia really warranted? Why not disconnect the cat5 if you want to
> do this?
>
> Or am I not seeing things the right way?

People who "fake" IPs generally do so for purposes of anonymity or to
prevent revealing information about their network infrastructure. Here
are a few examples of situations where people look to conceal their IP
addresses:

- Firewalls and NATs perform address translation to conceal the internal
  layout of a network. This can make it substantially harder to
  effectively attack a network.

- Spammers attempt to conceal their IP addresses so that they cannot be
  tracked back to a particular ISP.

- Attackers using distributed denial of service attacks will conceal their
  IP addresses so they cannot be traced back to a particular end-host.

- End-users seeking to send anonymous tips, etc, i.e., to the police,
  media, or others, will conceal their IP addresses to hide their
  identities.

So there's quite a spectrum of interest in the topic :-). Sometimes this
is done by spoofing IP addresses using raw sockets or BPF; other times, it
is done through proxies, onion routing, and so on, which requires
collaboration by other parties (witting or otherwise).

Robert N M Watson