Re: IP Spoofing/Masquarading

[Brad Edmondson <brad.edmondson () gmail com>]

I think the idea is that you don't trust anything outside your
perimeter.  Though it's highly unlikely, the switch or router just
outside your border can become malicious or compromised, which could
then send through your border routers into your internal network.
Dropping "non-routable" traffic when it shows up where it shouldn't is
everyone's responsibility, and any decent ISP will do it (that is,
drop it before it would get passed on to you).  But do you want to
rely on them to do that, knowing that if the ISP were to stop or fail
to block, that your router will bring them into your internal net?
It's usually (always) worth it to drop the non-routables yourself as
well, even considering the likely redundancy.

It can be intersting to set up a hub at the border of a test network
and see what you can get over to the internal side to see if your
router is correctly configured.

I hope this helps,
Brad

On 2009-09-09, M.D.Mufambisi <mufambisi () gmail com> wrote:
> So can someone explain ip spoofing in the sense that a packet may be
> spoofed to make it appear as if it originated from the internal lan
> yet it did not. I need an explanation of how it works and how the
> packet is structured.
>
> regards
>
> MD
>
> On 9/9/09, Dan Howerton <danny.howerton () gmail com> wrote:
> > M.D. -
> >
> > The packet wont get to the internet. The moment your ISP sees it, it will
> > be
> > dropped.
> >
> > On Wed, Sep 9, 2009 at 12:19 AM, M.D.Mufambisi <mufambisi () gmail com>
> > wrote:
> >
> > > I understand that IP packets can be spoofed ie change the source
> > > address to make it look like they originated from the internal LAN.
> > > However, when this is done across the internet, with a private IP
> > > address in its source field, how does this packet get routed through
> > > the internet?
> > >
> > > Kind Regards
> > >
> > > ------------------------------------------------------------------------
> > > This list is sponsored by: Information Assurance Certification Review
> > > Board
> > >
> > > Prove to peers and potential employers without a doubt that you can
> > > actually do a proper penetration test. IACRB CPT and CEPT certs require a
> > > full practical examination in order to become certified.
> > >
> > > http://www.iacertification.org
> > > ------------------------------------------------------------------------
> >
> >
> > --
> > Dan Howerton
> > http://metacortexsecurity.com
> > GPG key: 10F5DDA5
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually
> do a proper penetration test. IACRB CPT and CEPT certs require a full
> practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------