Re: IP Spoofing/Masquarading

["M.D.Mufambisi" <mufambisi () gmail com>]

Marco,

Thank you very much for the clarity. I had confused things. Source
field is not used for routing. I had missed that. Thanks.

On 9/9/09, Marco Ivaldi <raptor () mediaservice net> wrote:
> On Wed, 9 Sep 2009, M.D.Mufambisi wrote:
>
> > I understand that IP packets can be spoofed ie change the source
> > address to make it look like they originated from the internal LAN.
> > However, when this is done across the internet, with a private IP
> > address in its source field, how does this packet get routed through
> > the internet?
>
> The source field is not relevant to IP routing, only the destination is. I
> strongly suggest you to read "TCP/IP Illustrated Vol. 1" by W. Richard
> Stevens [1].
>
> On the other hand, if proper egress filtering [2] is in place, you'll have
> trouble spoofing the source address of the packets leaving your network.
>
> [1].
> http://books.google.com/books?id=-btNds68w84C&lpg=PA37&ots=e-u0USRsms&dq=ip%20routing%20stevens&pg=PA37#v=onepage&q=&f=false
> [2]. http://en.wikipedia.org/wiki/Egress_filtering
>
> Hope this helps,
>
> --
> Marco Ivaldi
> Lead Security Analyst     Data Security Division
> @ Mediaservice.net Srl    http://mediaservice.net/

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------