[1937] in WWW Security List Archive
Re: Restrictions group without ask for the password
daemon@ATHENA.MIT.EDU (Lianyi Zhu)
Tue Apr 30 21:00:24 1996
From: Lianyi Zhu <zhul@cs.uregina.ca>
To: ewieling@hephaestus.icorp.net (Eric Wieling)
Date: Mon, 29 Apr 1996 09:17:10 -0600 (CST)
Cc: adam@lighthouse.homeport.org, dmurray@pdssoftware.com,
www-security@ns2.rutgers.edu
In-Reply-To: <199604271637.LAA01081@hephaestus.icorp.net> from "Eric Wieling" at Apr 27, 96 11:37:48 am
Errors-To: owner-www-security@ns2.rutgers.edu
>
> I'm not an expert in the matter, but I wonder how ACK packets and
> return data get back to the machine doing the IP spoofing? I would
> assume that it would be tough to say the least with things like source
> routing turned off in the router connecting your network to the
> Internet.
>
> Let's say that the Bad Guy is on network 206.45.100.0, the Innocent
> Guy is on network 156.23.90.0. The Bad Guy spoofs his IP packets to
> appear to come from 167.200.87.4. The packets will be routed
> correctly to the Good Guy's machines, but the reply packets will be
> routed back to network 167.200.87.0 rather than to 206.45.100.0.
> This assumes that the Good Guy's Internet router is set up with at
> least minimal defenses against spoofing addresses on its local
> network and has been told to reject various little-used options such
> as loose source routing, etc.
This is true for TCP packets. How about UDP packets though?
And as long as the "bomb" sent from the Bad Guy is taken by the Good
Guy's machines, the Bad Guy doesn't care about ACK packets. Does he?
John Yan
>
> --Eric
>
> --
> Eric Wieling
> Network Operations Center
> Inter Commerce Corporation
> Technical Support: 504-525-1868
> Administrative: 504-585-7303
>
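
The border-router checks described in the quoted message, as an added example that is not part of the original thread: it drops source-routed packets and packets that arrive from outside claiming an inside source, and shows what that filter does with a third-party source address over TCP and over UDP. The /24 prefix length, the packet dictionary layout, the host addresses 156.23.90.7 and 156.23.90.20, and the names border_verdict, SAMPLES and run_samples are assumptions made for the example.

```python
import ipaddress

# Assumption: the "Good Guy" network from the thread, taken as a /24.
LOCAL_NETS = [ipaddress.ip_network("156.23.90.0/24")]

# IPv4 option type bytes for loose and strict source routing (RFC 791).
LSRR, SSRR = 0x83, 0x89


def border_verdict(pkt, local_nets=LOCAL_NETS):
    """Decide what a border router does with a packet arriving from the Internet.

    pkt is a dict with 'src', 'dst', 'proto' and 'options' (a list of IPv4
    option type bytes). Returns an (action, reason) tuple.
    """
    src = ipaddress.ip_address(pkt["src"])
    # Source routing could steer reply packets back towards a spoofer.
    if any(opt in (LSRR, SSRR) for opt in pkt.get("options", [])):
        return ("drop", "source-route option")
    # A packet coming in from outside cannot legitimately carry an inside source.
    if any(src in net for net in local_nets):
        return ("drop", "internal source on external interface")
    # The filter has no way to tell a forged third-party source from a real one,
    # and the decision does not depend on the transport protocol.
    return ("accept", "no rule matched")


# Constructed sample packets built from the addresses used in the thread.
SAMPLES = [
    {"src": "156.23.90.7", "dst": "156.23.90.20", "proto": "tcp", "options": []},
    {"src": "167.200.87.4", "dst": "156.23.90.20", "proto": "tcp", "options": [LSRR]},
    {"src": "167.200.87.4", "dst": "156.23.90.20", "proto": "tcp", "options": []},
    {"src": "167.200.87.4", "dst": "156.23.90.20", "proto": "udp", "options": []},
]


def run_samples():
    """Return the verdict for every constructed sample packet, in order."""
    return [border_verdict(p) for p in SAMPLES]


if __name__ == "__main__":
    for pkt, (action, reason) in zip(SAMPLES, run_samples()):
        print(f'{pkt["proto"]:3} {pkt["src"]:>13} -> {pkt["dst"]}: {action} ({reason})')
```

The last two verdicts are identical: the receiving network's filter accepts the 167.200.87.4 source for TCP and UDP alike, so the difference raised in the reply lies only in whether the sender needs the return traffic.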