[VOIPSEC] Spoof of IP address within a (large) domain
Robert Moskowitz
rgm at icsalabs.com
Tue Mar 22 14:12:06 CST 2005
At 04:22 PM 3/17/2005, Brian Rosen wrote:
>Now it's my turn to "ask the experts".
>
>I have someone proposing a solution to a large problem of "where are you?";
>that is, finding your own location.
>
>It's for 9-1-1, and we have one mechanism, DHCP, that we are pretty happy
>with; you can spoof within your subnet, but that's about it, and location
>doesn't vary much within the subnet.
I've read through all the comments here and see that a couple of items have
not been covered: using IP addresses as a physical locator is a total
waste of time. Well, not total yet, but getting there.
First, as to subnets.
With developments in bridging equipment over the past 5 years or so, many
places are running flat networks. My colleague in 802.1 from Enterasys
said that they have one university running flat with 100,000 devices. You
know the IP address is somewhere, but no more than that. MAC address is a
better indicator.
But more likely than that are technologies like MobileIP.
I could be running my home agent on my DSL line and be anywhere in the
world, thanks to IPnIP (protocol 9, as I recall). I could be running the
call over an ESP tunnel with the same results. The IP address does not
locate the device within the Internet.
Of course HIP does this the right way. The IP address stays where it
belongs and the system stack moves around the internet. But then HIP is
only beginning to get attention even though I wrote the first paper on it in
Jan '99...
The one example of an Asterisk server is another way that the IP address seen is
not the IP address of the device.
Finally, how does the DSL provider really know which house that call came
from? What if the homeowner is providing wireless services via an 802.11
network to the neighbors? (Or the neighbor is just leeching off an open
network...)
You want a reliable locator? Use digital certs from the vendor and GPS
hardware to deliver authenticated location information. Look at what
802.11p is facing for authenticating car locations (and they are tackling
anonymity).
Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of Cybertrust, Inc.
W: 248-968-9809
F: 248-968-2824
E: rgm at icsalabs.com
There's no limit to what can be accomplished
if it doesn't matter who gets the credit
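An added illustration of the tunneling point made in the post above (this is example code, not part of the original message or anything from the list): a minimal IPv4 builder and IP-in-IP decapsulator. It uses protocol number 4 for IPv4-in-IPv4 encapsulation as assigned in RFC 2003, builds a constructed packet whose outer header carries a care-of address while the inner header carries the home address, and shows that the address a correspondent ends up logging is the innermost (home) address, which says nothing about where the device physically is. All addresses are constructed documentation-range values.

```python
import struct
import ipaddress

IPPROTO_IPIP = 4    # IPv4-in-IPv4 encapsulation (RFC 2003)
IPPROTO_UDP = 17


def _checksum(data: bytes) -> int:
    """Standard Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a 20-byte IPv4 header (no options) with a correct checksum."""
    total_len = 20 + len(payload)
    hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total_len, 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    hdr = hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(data: bytes) -> dict:
    """Parse one IPv4 header, verifying version, length and checksum."""
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _tos, total_len, _id, _flags, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", data[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or len(data) < total_len or total_len < ihl:
        raise ValueError("not a well-formed IPv4 packet")
    if _checksum(data[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "proto": proto,
        "payload": data[ihl:total_len],
    }


def unwrap(data: bytes, max_depth: int = 4) -> tuple:
    """Peel IP-in-IP layers. Returns ([(src, dst), ...] outermost first, innermost packet)."""
    layers = []
    while True:
        pkt = parse_ipv4(data)
        layers.append((pkt["src"], pkt["dst"]))
        if pkt["proto"] != IPPROTO_IPIP or len(layers) >= max_depth:
            return layers, pkt
        data = pkt["payload"]


def address_seen_by_correspondent(data: bytes) -> str:
    """After the home agent decapsulates, the far end sees only the innermost source."""
    layers, _ = unwrap(data)
    return layers[-1][0]


def address_of_tunnel_endpoint(data: bytes) -> str:
    """Only the tunnel endpoint ever sees the outer (care-of) source address."""
    layers, _ = unwrap(data)
    return layers[0][0]


# Constructed sample: mobile node (home address 198.51.100.7, the "DSL line")
# reverse-tunnels a UDP datagram from care-of address 203.0.113.44 to the
# correspondent 192.0.2.10. UDP checksum left zero (not verified here).
UDP_PAYLOAD = struct.pack("!HHHH", 5060, 5060, 8 + 6, 0) + b"INVITE"
INNER = build_ipv4("198.51.100.7", "192.0.2.10", IPPROTO_UDP, UDP_PAYLOAD)
OUTER = build_ipv4("203.0.113.44", "198.51.100.1", IPPROTO_IPIP, INNER)

if __name__ == "__main__":
    layers, innermost = unwrap(OUTER)
    for depth, (s, d) in enumerate(layers):
        print(f"layer {depth}: {s} -> {d}")
    print("correspondent logs:", address_seen_by_correspondent(OUTER))
    print("tunnel endpoint sees:", address_of_tunnel_endpoint(OUTER))
    print("innermost protocol:", innermost["proto"])
```

The two addresses differ, and only the decapsulating home agent ever sees the outer one; anything downstream that tries to geolocate the logged source address will place the caller at the home network, wherever the device actually is. The checksum verification in `parse_ipv4` is there so a corrupted or hand-edited header is rejected rather than silently yielding a wrong address.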