paranoia
Robert Watson
rwatson at FreeBSD.org
Thu Feb 17 03:53:17 PST 2005
On Wed, 16 Feb 2005, Andrew Heyn wrote:
> Here's an on/off topic question I've been wondering about forever...
>
> I always see people replace their IPs with fake replacements. Is this
> paranoia really warranted? Why not disconnect the cat5 if you want to
> do this?
>
> Or am I not seeing things the right way?

People who "fake" IPs generally do so for purposes of anonymity or to
prevent revealing information about their network infrastructure. Here
are a few examples of situations where people look to conceal their IP
addresses:

- Firewalls and NATs perform address translation to conceal the internal
layout of a network. This can make it substantially harder to
effectively attack a network.
- Spammers attempt to conceal their IP addresses so that they cannot be
tracked back to a particular ISP.
- Attackers using distributed denial of service attacks will conceal their
IP addresses so they cannot be traced back to a particular end-host.
- End-users seeking to send anonymous tips, etc, i.e., to the police,
media, or others, will conceal their IP addresses to hide their
identities.

So there's quite a spectrum of interest in the topic :-). Sometimes this
is done by spoofing IP addresses using raw sockets or BPF; other times, it
is done through proxies, onion routing, and so on, which requires
collaboration by other parties (witting or otherwise).

Robert N M Watson