Robin Becker wrote:
1) is this a recognized form of attack? I can see that it could be used
for password harvesting and traffic interception, but are there other
implications.
ip spoofing is a well known attack.
2) Are there ways to mitigate this kind of problem? We have other hosted
server
Taking over an IP is a known way to inspect traffic. Essentially if done
well the spoofing server will act like a proxy server, inspecting the data
and sending it along to the correct server. Another way, particularly at a
data center is to setup a server running the NIC in promiscuous mode so
We have a remotely hosted 6.0 server that has apparently been
impersonated by a colocated server. The provider allows root access and
we have set up our server from a base 6.0 installation. We were
allocated an ip address and mostly we have had a good experience with
this setup. However, twice
