Re: IP Spoofing/Masquarading

[Sebastiaan <littlebighuman () gmail com>]

Well routing takes place based on the destination address, unless you
specifically configure source routing, which isn't the case usually.

So if you have packet is:

source 192.168.1.1 destination 216.239.32.10

It will be send (usually) to your default gateway on your network
destination Internet.

Then usually the firewall will drop this, because most firewalls I
know drop packets with a private source address.

So spoofing with a private source address on the Internet isn't
usually going to work. Unless it's in a tunnel or something.

On 9/9/09, M.D.Mufambisi <mufambisi () gmail com> wrote:
> Im not sure im being clear here. How does the packet get to the
> firewall in the first place when it has a source address of a machine
> within the firewall perimeter?
>
> internet--------------firewall(router)--------------lan
>
> from the internet....how does the packet get to the firewall when it
> has the lan ip addresses (ie private addresses)? Or am i failing to
> understand how this attack works?
>
>
>
> On 9/9/09, Sebastiaan <littlebighuman () gmail com> wrote:
> > It usually doesn't. Most firewalls will drop this by default as will many
> > routers.
> >
> > On 9/9/09, M.D.Mufambisi <mufambisi () gmail com> wrote:
> > > I understand that IP packets can be spoofed ie change the source
> > > address to make it look like they originated from the internal LAN.
> > > However, when this is done across the internet, with a private IP
> > > address in its source field, how does this packet get routed through
> > > the internet?
> > >
> > > Kind Regards
> > >
> > > ------------------------------------------------------------------------
> > > This list is sponsored by: Information Assurance Certification Review
> > > Board
> > >
> > > Prove to peers and potential employers without a doubt that you can
> > > actually do a proper penetration test. IACRB CPT and CEPT certs require a
> > > full practical examination in order to become certified.
> > >
> > > http://www.iacertification.org
> > > ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------