[VOIPSEC] Spoof of IP address within a (large) domain
Rick.Wanner at sasktel.sk.ca
Tue Mar 22 09:57:19 CST 2005
They are delusional...to a point.
IP Addresses are trivial to spoof. But...The problem with spoofing IP
addresses is that routing in the network will not return the packets (and
therefore you cannot establish a connection) unless you are in the same
subnet, or along the network path (MITM) to the address you are spoofing.
Within this limited scope it is possible to spoof IPs or hijack
connections.
Some DSL/Cable service providers nail down IP addresses to MAC addresses,
which can increase the complexity of spoofing somewhat, but MAC addresses
are relatively easy to spoof as well.
As for which method is best...they both have their pros and cons. The
DHCP one is probably simpler to implement.
Rick
"Brian Rosen" <br at brianrosen.net>
Sent by: Voipsec-bounces at voipsa.org
03/17/2005 03:22 PM
To: <voipsec at voipsa.org>
cc:
Subject: [VOIPSEC] Spoof of IP address within a (large) domain
Now it's my turn to "ask the experts".
I have someone proposing a solution to a large problem of "where are you?";
that is, finding your own location.
It's for 9-1-1, and we have one mechanism, DHCP, that we are pretty happy
with; you can spoof within your subnet, but that's about it, and location
doesn't vary much within the subnet.
For various reasons, there are folks who don't like that idea and are
pushing another. They want a server in the domain to return your address when
asked. They propose to use your IP address as the key to who "you" is.
Just for the moment, ignore the issues of what the protocol is and what its
security characteristics are. They say that within their network (think a
big DSL network), you cannot spoof IP addresses.
I was pretty taken aback by that. I thought it was pretty easy to spoof. I
understand that they have the DSL modems pretty wired down (they won't let
you spoof an address coming from the DSL modem; they know what IP address it
should be), but I thought there were other ways to spoof.
So that's my question: is IP address good enough, or are they just
delusional that they can prevent spoofing within the domain?
Brian