Penetration Testing mailing list archives
RE: IP Spoofing/Masquarading
From: <David_Falloon () kaltire com>
Date: Wed, 9 Sep 2009 08:54:04 -0700
Any competent ISP will prevent such packets from leaving their network. In cisco land its called "ip verify unicast reverse path". Basically it means the router won't pass packets addressed with a source it doesn't have a route for. So if the router is on 10.0.0.0/24 and you tell it your packets are from 10.1.0.0/24 the packet will drop straight into the bit bucket. Also, some ISP's route the private networks to their security department NIDS, to be investigated ( most don't though as there are a pile of reasons for private network traffic to leak out onto the internet and you don't want to pay pros to investigate a little old lady with her linksys router jacked backwards ). --Dave
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of M.D.Mufambisi Sent: Tuesday, September 08, 2009 11:20 PM To: pen-test () securityfocus com Cc: security-basics Subject: IP Spoofing/Masquarading I understand that IP packets can be spoofed ie change the source address to make it look like they originated from the internal LAN. However, when this is done across the internet, with a private IP address in its source field, how does this packet get routed through the internet? Kind Regards -------------------------------------------------------------- ---------- This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org -------------------------------------------------------------- ----------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- IP Spoofing/Masquarading M.D.Mufambisi (Sep 09)
- Re: IP Spoofing/Masquarading Gerardo Castillo Alvarado (Sep 09)
- RE: IP Spoofing/Masquarading Erik Soosalu (Sep 09)
- Re: IP Spoofing/Masquarading Chris Brenton (Sep 09)
- RE: IP Spoofing/Masquarading David_Falloon (Sep 09)
- Re: IP Spoofing/Masquarading Robert Portvliet (Sep 09)
- Re: IP Spoofing/Masquarading James Bensley (Sep 09)
- Message not available
- Re: IP Spoofing/Masquarading M.D.Mufambisi (Sep 09)
- Re: IP Spoofing/Masquarading Fabien Vincent (Sep 09)
- Re: IP Spoofing/Masquarading M.D.Mufambisi (Sep 09)
- Re: IP Spoofing/Masquarading Gerardo Castillo Alvarado (Sep 09)
- Re: IP Spoofing/Masquarading Marco Ivaldi (Sep 09)
- Re: IP Spoofing/Masquarading M.D.Mufambisi (Sep 09)
- Re: IP Spoofing/Masquarading matteo filippetto (Sep 09)
- Message not available
- Re: IP Spoofing/Masquarading M.D.Mufambisi (Sep 09)
- Re: IP Spoofing/Masquarading Sebastiaan (Sep 09)
- Re: IP Spoofing/Masquarading Jared Curtis (Sep 09)
- Re: IP Spoofing/Masquarading M.D.Mufambisi (Sep 09)