On Oct 8, 4:00 pm, samsloan wrote:
On Oct 8, 4:42 pm, Rob wrote:

USCF google group has just such a posting. It is even a video.

http://groups.google.com/group/USCF-Chess
Rob

"Rob" fails to tell you that the posting was made by himself. He wants
people to join his group. Here it is:

Much has been claimed lately. Anyone can easily fake an IP address.
This video shows you how it is done.

http://www.metacafe.com/watch/331953...ur_ip_address/


Message from discussion Forging IP addresses in headers


View parsed - Show only message text

From: (Jim Britain)
Subject: Forging IP addresses in headers
Date: 1999/05/02
Message-ID: 372ded35.27737785@news#1/1
X-Deja-AN: 473093666
Content-Transfer-Encoding: 7bit
References:
Content-Type: text/plain; charset=us-ascii
X-Complaints-To:
X-Trace: news.rdc1.sdca.home.com 925625920 24.4.65.250 (Sat, 01 May
1999 23:18:40 PDT)
Organization: None
MIME-Version: 1.0
NNTP-Posting-Date: Sat, 01 May 1999 23:18:40 PDT
Newsgroups: comp.mail.sendmail

On Fri, 30 Apr 1999 08:49:20 -0400, Jay Ribak
wrote:

Is it possible for spammers to forge the IP address in a received line
of a header? The reason I am asking is this: I have been receiving
spam complaints from various people where the received line claims to
have come from one of my IP addresses. However, nothing in any log
corroborates this information. The system had been an open relay for a
while, but that had been closed down about 2 weeks ago with a POP before
SMTP solution. I am watching the spammers hammering my mail server on a
dialy basis trying to spam through me, but the logs for that show at
least they are getting relaying denied errors. I think that perhaps
they are ****ed for losing their open relay and are relaying from
somewhere else but forging the headers with my IP to get me in trouble.
This is becoming increasingly frustrating because even a line by line
analysis of the maillog suggests that the mail was not sent through my
system.

Any advice would be appreciated.

Yes, absolutely everything can be forged, except for the first
(connection) (From )line generated by your system.

Even that can be subverted by using IP spoofing on the originating
end, but proper firewall/router configurations will deny a connection
claiming to be local from outside..