I have learned about how a poorly configured firewall can be used to
spoof. That is, a cracker sends a packet to the firewall with the
source IP of a host inside the firewall, the firewall then sends it out
as if it originated from within the firwall.
If the source address is from inside the firewall, then why would any
activity that the packet triggered outside the firewall go back to the
cracker? It would seem, that it would get sent back to the "source"
which is a host inside the firewall. That host wouldn't know what the
hell it was, so what would it do? Or am I missing something here?
All I can think of that I am missing is that the packet contains some
additional info that causes it's result to get sent back to the original
Thus, the cracker must have put his IP address somewhere in the packet.
Thus, he can be traced, right?
Any experts on this, please explain if you can.
Lastly, what is IP hijacking? How can it be avoided on a cable internet
connection? How can spoofing attempts or hijacking attempts be
Thanks very much.
Christopher R. Carlen
My OS is Linux!