iptables: is it possible to spoof NEW packets and make them look like ESTABLISHED packets?

See title for the question.

This question relates to a previous question wherein I asked the difference between NEW, ESTABLISHED and RELATED; see it here: iptables: difference between NEW, ESTABLISHED and RELATED packets. One of the rules has NEW in it, and I'm concerned packets will slip through because I'm accepting ssh traffic once it passes the rule. I think I need to add ESTABLISHED to the rule as well. And maybe even RELATED if it's possible to spoof both. So that's the question. Is it possible?


Solution 1:

No.

(at least, not without some vulnerability or bizarre naughtiness involving sequence prediction or boring naughtiness such as man in the middle.)

ssh would protect against those types of attack. Even if your attacker managed to convince netfilter not to drop the packets, the ssh server and client would both puke at the random unencrypted traffic and close the connection themselves.
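The ruleset the question describes, written out as an added example (not from the question or the answer above): accept what conntrack already tracks as ESTABLISHED,RELATED first, drop INVALID, and let only a genuine SYN open a NEW ssh session. It assumes iptables with the conntrack match; IPT defaults to `echo iptables` so the script prints the rules instead of applying them, and SSH_PORT defaults to 22.

```shell
#!/bin/sh
# Added example: conntrack-based INPUT rules for ssh.
# IPT and SSH_PORT are assumptions; set IPT=iptables (as root) to apply.
IPT=${IPT:-"echo iptables"}
SSH_PORT=${SSH_PORT:-22}

ssh_rules() {
    # 1. Packets conntrack already knows: the reply direction of a
    #    connection it saw open, or an ICMP error related to one.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # 2. Packets conntrack cannot classify at all (no entry and not a
    #    valid connection start, e.g. a stray ACK with tcp_loose=0).
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    # 3. A new ssh session may only start with a real SYN. A segment
    #    carrying ACK but unknown to conntrack is NEW, not ESTABLISHED,
    #    so it reaches this rule and fails the --syn test.
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" --syn -m conntrack --ctstate NEW -j ACCEPT
    # 4. Default: drop everything that matched none of the above.
    $IPT -P INPUT DROP
}

ssh_rules
```

The `--syn` test matters because, with the kernel default nf_conntrack_tcp_loose=1, a non-SYN segment with no conntrack entry is picked up and classed NEW rather than ESTABLISHED, so a NEW rule without `--syn` would pass it to the TCP stack (which then resets it, as the answer notes).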