Vulnerability Development mailing list archives

Re: Broken AOL Code - spoofing


From: Robert van der Meulen <rvdm () wiretrip org>
Date: Sat, 6 Oct 2001 01:35:21 +0200

Hi,

Quoting Ryan Sweat (ryans () cecentertainment com):
> When a user logs in to AOL using TCP/IP on a LAN, AOL assigns them a public
> IP address.  This IP address is tunneled to the destination within the AOL
> connection.  The problem I have found is when any of the common worms on the
> internet happen to scan the 'AOL IP', the reply from the user's box
> ("destination unreachable/port unreachable") is sent through the LAN with
> the source of the AOL IP address.  Many would consider this spoofing.

This is called tunneling, not spoofing.

As much as I dislike AOL, I wouldn't call this broken (although I would be
happy to comment on the weirdness of this system). Tunneling connections
through your firewall is a design issue, not a software vulnerability issue
(unless you'd like to mark ipsec, CIPE, ipip, ipv6-over-ipv4 and all other
tunneling protocols a vulnerability or spoofing).
Spoofing means you answer on a connection, initiate a connection, terminate
a connection or meddle in a connection with a source address that is not
bound to your host. In this case it is bound to the AOL-ing host, through the
tunnel.

Greets,
        Robert

-- 
                              Linux Generation
   encrypted mail preferred. finger rvdm () debian org for my GnuPG/PGP key.
   Nine out of ten men who preferred Camels have switched back to women.
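
The distinction argued in this message, as an added example that is not part of the original post or thread: a packet whose source address is bound to some interface of the sending host (here a tunnel endpoint) is separated from one whose source is bound to nothing on the host, while a LAN egress filter that only checks the prefix treats both the same. The interface names, addresses (RFC 1918 / RFC 5737 ranges) and packet list are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Iface:
    name: str
    addr: ipaddress.IPv4Interface  # address/prefix bound to this interface

# Constructed host: one LAN NIC plus a tunnel endpoint address (assumed names).
IFACES = [
    Iface("eth0", ipaddress.ip_interface("192.168.1.20/24")),
    Iface("tun0", ipaddress.ip_interface("198.51.100.7/32")),
]

# Constructed observations: (source address, interface the packet left on).
PACKETS = [
    ("192.168.1.20", "eth0"),  # ordinary LAN traffic
    ("198.51.100.7", "tun0"),  # tunneled traffic, as intended
    ("198.51.100.7", "eth0"),  # ICMP unreachable leaving via the LAN
    ("203.0.113.9", "eth0"),   # source bound to no interface on this host
]

def classify(src, egress, ifaces=IFACES):
    """Host-side view: is the source address bound to this host, and where?"""
    ip = ipaddress.ip_address(src)
    owner = next((i for i in ifaces if i.addr.ip == ip), None)
    if owner is None:
        return "spoofed"             # not bound to the host at all
    if owner.name == egress:
        return "normal"
    return "tunnel-source-leak"      # bound to the host, wrong interface

def lan_filter_drops(src, egress, ifaces=IFACES):
    """Network-side view: a prefix-based egress filter on that interface."""
    net = next(i for i in ifaces if i.name == egress).addr.network
    return ipaddress.ip_address(src) not in net

def report(packets=PACKETS):
    return [(s, e, classify(s, e), lan_filter_drops(s, e)) for s, e in packets]

if __name__ == "__main__":
    for row in report():
        print(row)
```

The last two rows are indistinguishable to the prefix filter, which is why the LAN observer sees "spoofing" while the host-side definition does not.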

