Protocol Encapsulation

Mark Hummel mhummel at
Thu Aug 9 00:19:56 EST 2001

On Wed, 8 Aug 2001, Sam Couter wrote:

> Mark Hummel <mhummel at> wrote:
> > 
> Spoofing is very difficult for real-life attacks for anything other than a
> DoS type attack (think distributed ping). It's nearly impossible for TCP,
> unless the attacker is on the network path between your server and the
> spoofed IP address.
> As Jeremy said, you can avoid these attacks by using SSL with client
> certificates. It's probably not worth the effort.

Yes, I think you are correct here. The risk does not offset the effort
involved. My machines aren't particularly juicy targets, no. In any case, 
I've found a more simpler solution (involving the physical arrangement
rather than a software solution - I've just reassigned the jobs that I had
planned machines would do. This decision has resulted in me requiring to
run less services. )

So, Thanks for your help Sam and Jeremy. 


More information about the linux mailing list