Detecting and Resolving Spoofed IPs

Jeff Bollinger jeff01 at
Mon Mar 11 14:38:56 GMT 2002

Does anyone know of a fool proof way to determine the real IP address of
a system spoofing with one or two spoofed IPs?  For example, you see two
IPs coming across your border router hitting the same host in your LAN
and with the same TCP sequence numbers.  Is it ever possible to
determine the true source IP after it has crossed the ingress on the router?


Jeff Bollinger
University of North Carolina
IT Security Analyst
105 Abernethy Hall
mailto: jeff_bollinger at unc dot edu

More information about the unisog mailing list