[VOIPSEC] Spoof of IP address within a (large) domain
Jeffrey Skelton
jskelt at net2phone.com
Wed Mar 23 12:53:59 CST 2005

These arguments about various "rogue" (or righteous) edge extensions would
seem to apply equally to IP address as a reliable key for location lookup or
location information pushed from a DHCP server.
Don't methods claim that something other than the actual edge node knows
what the physical location of that edge node is?

On 3/22/05 3:12 PM, "Robert Moskowitz" <rgm at icsalabs.com> wrote:
> At 04:22 PM 3/17/2005, Brian Rosen wrote:
>> Now it's my turn to "ask the experts".
>>
>> I have someone proposing a solution to a large problem of "where are you?";
>> that is, finding your own location.
>>
>> It's for 9-1-1, and we have one mechanism, DHCP, that we are pretty happy
>> with; you can spoof within your subnet, but that's about it, and location
>> doesn't vary much within the subnet.
>
> I've read through all the comments here and see that a couple of items have
> not been covered that using IP addresses as a physical locator is a total
> waste of time. Well not total yet, but getting there.
>
> First as two subnets.
>
> With developments in bridging equipment over the past 5 years or so, many
> places are running flat networks. My colleague in 802.1 from Enterasys
> said that they have one university running flat with 100,000 devices. You
> know the IP address is somewhere, but no more than that. MAC address is a
> better indicator.
>
> But more likely than that are technologies like MobileIP.
>
> I could be running my home agent on my DSL line and be anywhere in the
> world, thanks to IPnIP (protocol 9, as I recall). I could be running the
> call over an ESP tunnel with the same results. The IP address does not
> locate the device within the Internet.
>
> Of course HIP does this the right way. The IP address stays where it
> belongs and the system stack moves around the internet. But then HIP is
> only beginning to get attention even though I wrote the first paper on it in
> Jan '99...
>
> The one example of an Asterisk server is another way that IP address seen is
> not the IP address of the device.
>
> Finally, how does the DSL provider really know which house that call came
> from? What if the homeowner is providing wireless services via an 802.11
> network to the neighbors? (or the neighbor just lunching off an open
> network...).
>
> You want reliable locator, put digital certs from the vendor and GPS
> hardware to deliver authenticated location information. Look at what
> 802.11p is facing for authenticating car locations (and they are tackling
> anonymity).
>
>
> Robert Moskowitz
> Senior Technical Director
> ICSA Labs, a division of Cybertrust, Inc.
> W: 248-968-9809
> F: 248-968-2824
> E: rgm at icsalabs.com
>
> There's no limit to what can be accomplished
> if it doesn't matter who gets the credit