Firewall Wizards mailing list archives
Re: IP Spoofing.
From: Emiliano Kargieman <core.lists.firewall-wizards () core-sdi com>
Date: 30 Sep 1999 18:02:46 -0300
Randy Witlicki wrote:
> In the original blind IP spoofing (Mitnick, etc.) you had two big holes:
> - Predictable initial TCP sequence numbers, and;
> - Trust (as in /.rhosts) with no security perimeter.
I think you are confusing IP spoofing with TCP spoofing, those are two different things. You don't have any sequence number in IP, so you don't have to predict one... and the trust relationship is also not needed, i.e.: if you have a good reason to spoof an IP packet then you have a good reason to do it. (trying to exploit a trust relationship could be a good reason)
> So, the original poster's boss may be correct, if he is referring to blind spoofing and he has a strong OS with prudent perimeter security.
> - Randy
A good IP implementation can't prevent IP spoofing, this is a protocol design problem. (as opposed to TCP ISN prediction which is a protocol implementation problem)

Also, perimeter security will do nothing for you here... the only thing you can prevent with 'perimeter security' is somebody spoofing IP src address of your inside network.

regards,
EK.

--
CORE Seguridad de la Informacion S.A.
Emiliano Kargieman, emiliano_kargieman () core-sdi com
Director of Research, www.core-sdi.com
Corelabs
Pte. Juan D. Peron 315 Piso 4 UF 17
Buenos Aires, (1038). Argentina.
Tel/Fax : +(54.11)43.31.54.02

"When I was younger, I could remember anything, whether it had happened or not; but my faculties are decaying now and soon I shall be so I cannot remember any but the things that never happened. It is sad to go to pieces like this but we all have to do it." -- Mark Twain

"The greatest psychological achievement of the Buenos Aires world is the absolute insubordination of the new generations" -- Florencio Escardo

--- For a personal reply use emiliano_kargieman () core-sdi com
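The perimeter check discussed in this message, as an added example that is not part of the original post: it parses the fixed IPv4 header (which carries no sequence number) and applies the one rule a border filter can enforce, dropping packets that arrive from outside while claiming an inside source. The inside prefix, interface names and addresses are assumptions (constructed sample values from documentation ranges).

```python
import ipaddress
import struct

# Assumed inside prefix for this illustration (constructed value).
INSIDE_NETS = [ipaddress.ip_network("192.168.10.0/24")]
IPV4_FIXED = "!BBHHHBBH4s4s"  # the 20-byte fixed IPv4 header layout


def build_ipv4_header(src, dst, proto=6):
    """Build a minimal IPv4 header as sample input (checksum left at 0)."""
    return struct.pack(IPV4_FIXED, (4 << 4) | 5, 0, 20, 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)


def parse_ipv4_header(raw):
    """Return the fixed IPv4 header fields. None of them is a sequence
    number, and nothing in the header authenticates the source address."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    (_, tos, total_len, ident, frag, ttl, proto, cksum,
     src, dst) = struct.unpack(IPV4_FIXED, raw[:20])
    return {"tos": tos, "total_len": total_len, "id": ident, "frag": frag,
            "ttl": ttl, "proto": proto, "checksum": cksum,
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst)}


def perimeter_verdict(raw, arrived_on):
    """Border anti-spoofing rule: a packet arriving on the external
    interface must not carry a source address from the inside network."""
    hdr = parse_ipv4_header(raw)
    src_inside = any(hdr["src"] in net for net in INSIDE_NETS)
    if arrived_on == "external" and src_inside:
        return "drop"
    # A forged *outside* source looks identical to a genuine one here,
    # so the filter has no basis to reject it.
    return "pass"


if __name__ == "__main__":
    samples = [  # constructed packets, both arriving from outside
        build_ipv4_header("192.168.10.5", "192.168.10.20"),
        build_ipv4_header("203.0.113.7", "192.168.10.20"),
    ]
    for pkt in samples:
        print(parse_ipv4_header(pkt)["src"], perimeter_verdict(pkt, "external"))
```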