The only new thing is that the attacker relays the packets from the trusted client. This is not needed for the spoof. The solution in the Defcon 8 presentation is far easier. You do not need to arpspoof and NAT.

* Spoof trusted client on the same LAN: Just take the MAC and IP of the trusted host.
* Spoof an upstream trusted client: Just take the MAC of the upstream router and the IP of the trusted client.

Defcon 8: http://www.defcon.org/html/defcon-8/defcon-8-post.html
Read "Full Connection Vanilla IP-Spoof" in the presentation at: http://www.wittys.com/files/defcon_vitek.ppt

All responses containing:
1: "But on a switched environment ..."
2: "But if you take same MAC as the ..."
will be redirected to /dev/null

//Ian Vitek, iXsecurity
mailto:ian.vitek@ixsecurity.com

Hi,

In an article available at http://www.althes.fr/ressources/avis/smartspoofing.htm, we describe a new technique for spoofing an IP address using ARP cache poisoning and network translation. The IP smart spoofing allows running any application with a spoofed IP address and thus bypassing many access controls based on source IP address. As a result, we will explain why IP based access control is not reliable on firewalls, routers or applications.

Regards,
Laurent Licour (llicour@althes.fr) & Vincent Royer (vroyer@althes.fr)
http://www.althes.fr