Can you 'fake' an IP address?

[Mike Kallies]

On 13/03/2012 1:57 PM, Alejandro Imass wrote:
> On Mon, Mar 12, 2012 at 10:59 AM, Mike Kallies <mike.kallies-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
>> On 12/03/2012 10:11 AM, Thomas Milne wrote:
>>> This is a quote from an article about this Pierre Poutine business:
>>>
>>> "When he went back and analyzed the data on that server, he realized
> [...]
>> true, you can't forge an IP address.  But if you're poisoning a DNS
>> server, or lobbing in a broadcast ping, although you need to guess the
>> transaction ID, you don't need a reply packet... so forging an IP is
>> useful in some circumstances.
>>
> 
> Yeah, I am no expert but even in these cases you need to be the man in
> the middle or at least in the same network segment. Most modern
> switches will automatically detect and block ARP poisoning but there
> are a lot which don't . Anyway as you say it is highly unlikely as the
> perpetrator must be (a) on the same segment/mask, (b) the network
> infrastructure be old/cheap/hub , (c) OR the perpetrator has control
> over a router/gateway where the poisoning is most effective. Even for
> sniffing you need to be quite proficient and basically useless outside
> a specific network segment.
> 


Strangely, you don't need to be in the same network segment for this or
a man in the middle.  ARP spoofing, yes, but forging an IP, no.

Many ISPs don't filter on packets originating from their networks, and
once you get enough hops of non-filtering (say 1 or 2) , then filtering
is too costly and complex.

e.g., if Rogers receives a packet on an interface where normally traffic
from Algeria arrives, and the source IP is an Amercian address, the
router is not going to know or care, it will forward it.


-Mike
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists