Penetration Testing mailing list archives
Re: IP Spoofing/Masquarading
From: Marco Ivaldi <raptor () mediaservice net>
Date: Wed, 9 Sep 2009 10:34:09 +0200 (ora legale Europa occidentale)
On Wed, 9 Sep 2009, M.D.Mufambisi wrote:
I understand that IP packets can be spoofed ie change the source address to make it look like they originated from the internal LAN. However, when this is done across the internet, with a private IP address in its source field, how does this packet get routed through the internet?
The source field is not relevant to IP routing, only the destination is. I strongly suggest you to read "TCP/IP Illustrated Vol. 1" by W. Richard Stevens [1].
On the other hand, if proper egress filtering [2] is in place, you'll have trouble spoofing the source address of the packets leaving your network.
[1]. http://books.google.com/books?id=-btNds68w84C&lpg=PA37&ots=e-u0USRsms&dq=ip%20routing%20stevens&pg=PA37#v=onepage&q=&f=false [2]. http://en.wikipedia.org/wiki/Egress_filtering Hope this helps, -- Marco Ivaldi Lead Security Analyst Data Security Division @ Mediaservice.net Srl http://mediaservice.net/ ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- IP Spoofing/Masquarading M.D.Mufambisi (Sep 09)
- Re: IP Spoofing/Masquarading Gerardo Castillo Alvarado (Sep 09)
- RE: IP Spoofing/Masquarading Erik Soosalu (Sep 09)
- Re: IP Spoofing/Masquarading Chris Brenton (Sep 09)
- RE: IP Spoofing/Masquarading David_Falloon (Sep 09)
- Re: IP Spoofing/Masquarading Robert Portvliet (Sep 09)
- Re: IP Spoofing/Masquarading James Bensley (Sep 09)
- Message not available
- Re: IP Spoofing/Masquarading M.D.Mufambisi (Sep 09)
- Re: IP Spoofing/Masquarading Fabien Vincent (Sep 09)
- Re: IP Spoofing/Masquarading M.D.Mufambisi (Sep 09)
- Re: IP Spoofing/Masquarading Gerardo Castillo Alvarado (Sep 09)
- Re: IP Spoofing/Masquarading Marco Ivaldi (Sep 09)
- Re: IP Spoofing/Masquarading M.D.Mufambisi (Sep 09)
- Re: IP Spoofing/Masquarading matteo filippetto (Sep 09)
- Message not available
- Re: IP Spoofing/Masquarading M.D.Mufambisi (Sep 09)
- Re: IP Spoofing/Masquarading Sebastiaan (Sep 09)
- Re: IP Spoofing/Masquarading Jared Curtis (Sep 09)
- Re: IP Spoofing/Masquarading M.D.Mufambisi (Sep 09)
- Re: IP Spoofing/Masquarading aditya mukadam (Sep 09)
- Re: IP Spoofing/Masquarading R. DuFresne (Sep 09)
- RE: IP Spoofing/Masquarading Erik Soosalu (Sep 09)
- Re: IP Spoofing/Masquarading Samuel Korpi (Sep 09)