[BNM] How easy is it to spoof an ip address

Andy Budd bnmlist@brightonnewmedia.org
Fri Mar 14 10:45:00 2003

Hi Guy's,

This is a question for all the hackers out there. One of our clients 
has an intranet which is available over the net. They really don't want 
to implement password protection (despite our insistence) and instead 
have got their host to allow access based on ip address.

What I want to know is how (in)secure is this? How easy would it be to 
spoof an ip address? If it is quite easy could somebody explain to me 
how it's done. We would like to be able to show our clients the 
potential security risk and encourage them to password protect the site.