[VOIPSEC] Spoof of IP address within a (large) domain
Brian G
briang at net109.com
Wed Mar 23 08:51:52 CST 2005
I suspect that the DSL provider is using PPPoE and they know the tunnel
termination point so they know the IP address at the subscriber end of
the tunnel. You can spoof the source address of an IP packet but it
will still be encased in the "tunnel" packet.
Brian G.
On Thu, 2005-03-17 at 16:22, Brian Rosen wrote:
> Now it's my turn to "ask the experts".
>
>
>
> I have someone proposing a solution to a large problem of "where are you?";
> that is, finding your own location.
>
> It's for 9-1-1, and we have one mechanism, DHCP, that we are pretty happy
> with; you can spoof within your subnet, but that's about it, and location
> doesn't vary much within the subnet.
>
>
>
> For various reasons, there are folks who don't like that idea and are
> pushing another. They want server in the domain to return your address when
> asked. They propose to use your IP address as the key to who "you" is.
> Just for the moment, ignore the issues of what the protocol is and what its
> security characteristics are. They say that within their network (think a
> big DSL network), you cannot spoof IP addresses.
>
>
>
> I was pretty taken aback by that. I thought it was pretty easy to spoof. I
> understand that they have the DSL modems pretty wired down (they won't let
> you spoof an address coming from the DSL modem; they know what IP address it
> should be), but I thought there were other was to spoof.
>
>
>
> So that's my question: is IP address good enough, or are they just
> delusional that they can prevent spoofing within the domain.
>
>
>
> Brian
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
More information about the Voipsec
mailing list