[VOIPSEC] Spoof of IP address within a (large) domain

Diana Cionoiu diana-liste at voip.null.ro
Tue Apr 4 12:54:33 BST 2006 

Hello Dan,

It requires a special device as far as i remember.

Diana

P.S. Is nice to see so many romanians on this list. :)

Romascanu, Dan (Dan) wrote:

>Diana,
>
>If I understand well, the threat is on the confidentiality of the
>location information. So, when you say 'is possible .... but the
>procedure is so complicated' do you mean software intensive, or some
>special device, or what? 
>
>Thanks and Regards,
>
>Dan
>
>
> 
> 
>
>  
>
>>-----Original Message-----
>>From: Voipsec-bounces at voipsa.org 
>>[mailto:Voipsec-bounces at voipsa.org] On Behalf Of Diana Cionoiu
>>Sent: Tuesday, April 04, 2006 2:36 PM
>>To: Brian Rosen
>>Cc: voipsec at voipsa.org
>>Subject: Re: [VOIPSEC] Spoof of IP address within a (large) domain
>>
>>Hello Brian,
>>
>>Is possibile to spoof inside a DSL network the IP address but 
>>the procedure is so complicated that doesn't work the trouble 
>>just to now show the right address for 911.
>>
>>Diana
>>
>>Brian Rosen wrote:
>>
>>    
>>
>>>Now it's my turn to "ask the experts".
>>>
>>>
>>>
>>>I have someone proposing a solution to a large problem of "where are 
>>>you?"; that is, finding your own location.
>>>
>>>It's for 9-1-1, and we have one mechanism, DHCP, that we are pretty 
>>>happy with; you can spoof within your subnet, but that's 
>>>      
>>>
>>about it, and 
>>    
>>
>>>location doesn't vary much within the subnet.
>>>
>>>
>>>
>>>For various reasons, there are folks who don't like that 
>>>      
>>>
>>idea and are 
>>    
>>
>>>pushing another.  They want server in the domain to return 
>>>      
>>>
>>your address 
>>    
>>
>>>when asked.  They propose to use your IP address as the key 
>>>      
>>>
>>to who "you" is.
>>    
>>
>>>Just for the moment, ignore the issues of what the protocol 
>>>      
>>>
>>is and what 
>>    
>>
>>>its security characteristics are.  They say that within 
>>>      
>>>
>>their network 
>>    
>>
>>>(think a big DSL network), you cannot spoof IP addresses.
>>>
>>>
>>>
>>>I was pretty taken aback by that.  I thought it was pretty easy to 
>>>spoof.  I understand that they have the DSL modems pretty wired down 
>>>(they won't let you spoof an address coming from the DSL modem; they 
>>>know what IP address it should be), but I thought there were 
>>>      
>>>
>>other was to spoof.
>>    
>>
>>>
>>>So that's my question: is IP address good enough, or are they just 
>>>delusional that they can prevent spoofing within the domain.
>>>
>>>
>>>
>>>Brian
>>>
>>>      
>>>

More information about the Voipsec mailing list