> For lack of better terminology, I have been calling both of the
> following situations 'spoofing'. If there is a better industry term
> for the second scenario I would like to hear it:
> 1. MIBH (Man in Black Hat) knows the internal workings of the network
> at company X. MIBH directly attempts to use an internal trusted IP
> address from an untrusted attached network.
> 2. MIBH believes that company X is properly firewalled and that spoof
> type 1 will not work. MIBH knows that company X has strong ties with
> company Y. MIBH attempts to use the company Y IP address to gain
> trusted access to application proxies on the firewall.
"Spoofing" refers to looking like someone else. In both cases you are
spoofing, that is, you are making yourself (the packets you send out) appear
to come from someone else. One way to gain access to a site is to spoof a
trusted host. In other words, make yourself look like a machine that is
trusted. Both of the cases you mention do this. The first one is spoofing an
internal address; the second is spoofing a trusted external address.