Penetration Testing mailing list archives
Re: IP Spoofing/Masquarading
From: Jared Curtis <jared () w00ttech com>
Date: Wed, 9 Sep 2009 12:14:11 -0700
Assuming that the ISP is not filtering RFC1918 addresses, then the packet will travel like any other. The source IP is not used in routing to the destination network. The return trip will need to use the source IP address. In the case of a spoofed IP attack, the attacker will NOT be able to receive the response packets unless they are somehow sniffing the connection. A spoofed IP attack is used mostly in DoS attacks or in situations where the attacker can guess all the response packets.

On Wed, Sep 9, 2009 at 1:37 AM, M.D.Mufambisi<mufambisi () gmail com> wrote:
I'm not sure I'm being clear here. How does the packet get to the firewall in the first place when it has a source address of a machine within the firewall perimeter?

internet--------------firewall(router)--------------lan

From the internet... how does the packet get to the firewall when it has the LAN IP addresses (i.e. private addresses)? Or am I failing to understand how this attack works?

On 9/9/09, Sebastiaan <littlebighuman () gmail com> wrote:
It usually doesn't. Most firewalls will drop this by default as will many routers.

On 9/9/09, M.D.Mufambisi <mufambisi () gmail com> wrote:
I understand that IP packets can be spoofed, i.e. change the source address to make it look like they originated from the internal LAN. However, when this is done across the internet, with a private IP address in its source field, how does this packet get routed through the internet?

Kind Regards

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
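The behaviour discussed in this message, as an added example that is not part of the original post: forwarding looks only at the destination address, so a spoofed source is caught only if the firewall runs a separate source check (here a strict reverse-path style check plus an RFC1918 rule on the outside interface). The routing table, interface names and addresses are constructed for the `internet--firewall(router)--lan` layout in the thread.

```python
import ipaddress

# RFC1918 private ranges; these should never be a source on the internet side.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed routing table for the firewall: (prefix, outgoing interface).
ROUTES = [(ipaddress.ip_network("192.168.1.0/24"), "lan"),
          (ipaddress.ip_network("0.0.0.0/0"), "wan")]


def next_hop_iface(dst):
    """Longest-prefix match on an address; this is all that forwarding uses."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, iface) for net, iface in ROUTES if addr in net]
    return max(matches)[1]  # the default route guarantees at least one match


def source_is_plausible(in_iface, src):
    """Anti-spoofing check: would a reply to src leave via the arrival interface?"""
    addr = ipaddress.ip_address(src)
    if in_iface == "wan" and any(addr in net for net in RFC1918):
        return False  # private source arriving from the internet side
    return next_hop_iface(src) == in_iface


def forward(in_iface, src, dst, filtering=True):
    """Return the firewall's decision for one packet."""
    if filtering and not source_is_plausible(in_iface, src):
        return "drop"
    # The source address plays no part in choosing the outgoing interface.
    return "forward via " + next_hop_iface(dst)


if __name__ == "__main__":
    # Constructed packets: (arrival interface, source, destination).
    for pkt in [("wan", "192.168.1.10", "192.168.1.20"),
                ("wan", "203.0.113.5", "192.168.1.20"),
                ("lan", "203.0.113.5", "198.51.100.1")]:
        print(pkt, "unfiltered:", forward(*pkt, filtering=False),
              "| filtered:", forward(*pkt))
```

With filtering off, the first packet is delivered to the LAN, and `next_hop_iface("192.168.1.10")` shows the reply would also stay on the LAN rather than return to the sender.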