[1929] in WWW Security List Archive
Re: IP address spoof
daemon@ATHENA.MIT.EDU (Brain21)
Mon Apr 29 00:08:20 1996
Date: Sun, 28 Apr 1996 21:38:25 -0400 (EDT)
From: Brain21 <brain21@montag33.residence.gatech.edu>
To: etdrc@public.bta.net.cn
cc: www-security@ns2.rutgers.edu
In-Reply-To: <199604270750.PAA09973@public.bta.net.cn>
Errors-To: owner-www-security@ns2.rutgers.edu
On Sat, 27 Apr 1996 etdrc@public.bta.net.cn wrote:
> Hi,Could you like to answer me a question?
> I heared of IP address spoof many times.But I don't know what is IP
> address spoof and how to detech it.I also want to know whether the
> access-list added on my router can detech IP address spoof and protect my LAN.
>
IP address spoofing is when I pretend that I am one of your machines in
an attempt to get another one of your machines to allow me access
(showmounting, rlogins, etc.). It's more complicated than that, but
thats the gist of it. Anyway, to stop it configure your gatewayrouter
(the one that connects your LAN to the Net) to examine source addresses.
If it sees a packet coming FROM the Internet pretending to be a machine that
is ON YOUR LAN, then the packets should be logged and dropped. Also,
dont trust machines outside your LAN. I fyou have UNIX boxes on your
LAN, make sure things like .rhosts files are secure (IOW, no "+ +"
entries, and no entries for machines that are NOT in your LAN).
Brain21
