[27678] in bugtraq


Re: IP SmartSpoofing : How to bypass all IP filters relying on source IP

daemon@ATHENA.MIT.EDU (Ossian Vitek)
Fri Nov 1 12:30:11 2002

To: bugtraq@securityfocus.com
Message-ID: <OFE1DF2968.516946CB-ONC1256C62.002E9568@guardianit.se>
From: "Ossian Vitek" <ian.Vitek@ixsecurity.com>
Date: Thu, 31 Oct 2002 20:44:36 +0100
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii



The only new thing is that the attacker relays the packets from the trusted
client.
This is not needed for the spoof.
The solution in the Defcon 8 presentation is far easier.
You do not need to arpspoof and NAT.
* Spoof trusted client on the same LAN:
  Just take the MAC and IP of the trusted host.
* Spoof an upstream trusted client:
  Just take the MAC of the upstream router and the IP of the
  trusted client.

Defcon 8:
http://www.defcon.org/html/defcon-8/defcon-8-post.html
Read "Full Connection Vanilla IP-Spoof" in the presentation at:
http://www.wittys.com/files/defcon_vitek.ppt

All responses containing:
1: "But on a switched environment ..."
2: "But if you take same MAC as the ..."
will be redirected to /dev/null

//Ian Vitek, iXsecurity
mailto:ian.vitek@ixsecurity.com





Hi,

In an article available at
http://www.althes.fr/ressources/avis/smartspoofing.htm, we describe a new
technique for spoofing an IP address using ARP cache poisoning and network
translation. IP smart spoofing allows running any application with a
spoofed IP address and thus bypassing many access controls based on source IP
address. As a result, we will explain why IP based access control is not
reliable on firewalls, routers or applications.


Regards,

Laurent Licour (llicour@althes.fr) & Vincent Royer (vroyer@althes.fr)
http://www.althes.fr
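
A defender-side check for the two cases listed in the reply above (a trusted host's MAC and IP reused on the same LAN, and the upstream router's MAC reused with a trusted IP), as an added example that is not part of the original posts. It assumes per-port source MAC/IP observations are available, for instance from switch MAC-table polling; the record format, port names, inventory values and addresses are all constructed.

```python
# Added example: flag MAC reuse across switch ports from per-port observations.
# Record format, port names and addresses are constructed for illustration.

ROUTER_MAC = "00:00:5e:00:53:01"   # assumed inventory: upstream router's MAC
UPLINK_PORT = "Gi0/1"              # assumed inventory: port the router sits on

# (seconds, switch port, source MAC, source IP) -- constructed sample data
OBSERVATIONS = [
    (0,   "Gi0/1",  "00:00:5e:00:53:01", "192.0.2.50"),     # routed traffic on uplink
    (1,   "Gi0/7",  "00:00:5e:00:53:aa", "198.51.100.10"),  # trusted host, own port
    (2,   "Gi0/9",  "00:00:5e:00:53:bb", "198.51.100.20"),  # ordinary host
    (5,   "Gi0/9",  "00:00:5e:00:53:aa", "198.51.100.10"),  # same MAC+IP, other port
    (6,   "Gi0/7",  "00:00:5e:00:53:aa", "198.51.100.10"),  # real host talks again
    (9,   "Gi0/9",  "00:00:5e:00:53:01", "192.0.2.50"),     # router MAC on access port
    (400, "Gi0/12", "00:00:5e:00:53:bb", "198.51.100.20"),  # host re-patched later
]


def find_anomalies(observations, router_mac, uplink_port, window=60):
    """Return a sorted list of (kind, mac, ip, port, time) findings.

    mac-on-two-ports:      a host MAC changes port within `window` seconds,
                           i.e. two stations are using the same address.
    router-mac-off-uplink: the router's MAC is seen as a source anywhere
                           other than the known uplink port.
    """
    findings = set()
    last_seen = {}  # mac -> (port, time) of the previous observation
    router_mac = router_mac.lower()
    for ts, port, mac, ip in sorted(observations):
        mac = mac.lower()
        if mac == router_mac:
            if port != uplink_port:
                findings.add(("router-mac-off-uplink", mac, ip, port, ts))
            continue
        prev = last_seen.get(mac)
        if prev and prev[0] != port and ts - prev[1] <= window:
            findings.add(("mac-on-two-ports", mac, ip, port, ts))
        last_seen[mac] = (port, ts)
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_anomalies(OBSERVATIONS, ROUTER_MAC, UPLINK_PORT):
        print(finding)
```

A slow port change (the last sample record) is treated as a legitimate move; the window is a tuning assumption, not a value from the thread.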




